Description

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0.

INFO

Published Date :

2025-08-19T16:58:41.120Z

Last Modified :

2025-08-19T17:09:32.759Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54880 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54880.

URL Resource
https://github.com/mermaid-js/mermaid/commit/2aa83302795183ea5c65caec3da1edd6cb4791fc cve-icon cve-icon
https://github.com/mermaid-js/mermaid/commit/734bde38777c9190a5a72e96421c83424442d4e4 cve-icon cve-icon
https://github.com/mermaid-js/mermaid/security/advisories/GHSA-8gwm-58g9-j8pw cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability