{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-45525", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-08-26T18:51:45.895Z", "dateReserved": "2025-04-22T00:00:00.000Z", "datePublished": "2025-06-17T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "microlight", "vendor": "asvd", "versions": [{"lessThanOrEqual": "0.0.7", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-20T12:03:14.607Z"}, "references": [{"url": "https://gist.github.com/Rootingg/843368931f70886bed3cf982f10a4424"}, {"url": "https://github.com/github/advisory-database/pull/5730"}], "tags": ["disputed"], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-18T13:20:58.473400Z", "id": "CVE-2025-45525", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-26T18:51:45.895Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-45525", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-18T13:20:58.473400Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T13:24:23.982Z"}}], "cna": {"tags": ["disputed"], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}}], "affected": [{"vendor": "asvd", "product": "microlight", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.0.7"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gist.github.com/Rootingg/843368931f70886bed3cf982f10a4424"}, {"url": "https://github.com/github/advisory-database/pull/5730"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-06-20T12:03:14.607Z"}}}, "cveMetadata": {"cveId": "CVE-2025-45525", "state": "PUBLISHED", "dateUpdated": "2025-08-26T18:51:45.895Z", "dateReserved": "2025-04-22T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-06-17T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before accessing its properties, leading to an uncaught TypeError and potential application crash. NOTE: this is disputed by multiple parties because there is no common scenario in which an adversary can insert those non-standard values."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de desreferencia de puntero nulo en microlight.js (versi\u00f3n 0.0.7), una librer\u00eda ligera de resaltado de sintaxis. Al procesar elementos con valores de color CSS no est\u00e1ndar, la librer\u00eda no valida el resultado de una coincidencia de expresi\u00f3n regular antes de acceder a sus propiedades, lo que provoca un error de tipo no detectado y un posible bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2025-45525", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-06-17T20:15:32.150", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/Rootingg/843368931f70886bed3cf982f10a4424"}, {"source": "cve@mitre.org", "url": "https://github.com/github/advisory-database/pull/5730"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{}

{}