Home

Description

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values.

PUBLISHED Reserved 2025-04-22 | Published 2025-06-17 | Updated 2025-08-26 | Assigner mitre




LOW: 2.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-476 NULL Pointer Dereference

Product status

Default status
unaffected

Any version
affected

References

gist.github.com/Rootingg/843368931f70886bed3cf982f10a4424

github.com/github/advisory-database/pull/5730

cve.org (CVE-2025-45525)

nvd.nist.gov (CVE-2025-45525)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.