CVE-2025-54881
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-54881
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54881.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54881
- Aliases
- Downstream
- Published
- 2025-08-19T17:15:41Z
- Modified
- 2025-08-20T17:03:07.116576Z
- Summary
- [none]
- Details
-
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML during calculation of element size, causing XSS.
- References
-
- https://github.com/mermaid-js/mermaid/security/advisories/GHSA-7rqq-prvp-x9jh
- https://github.com/mermaid-js/mermaid/commit/5c69e5fdb004a6d0a2abe97e23d26e223a059832
- https://github.com/mermaid-js/mermaid/commit/685516a85ec1df64cefd4fd15f26533be87d458e
- https://security-tracker.debian.org/tracker/CVE-2025-54881
Affected packages
Debian:11 / node-mermaid
Package
- Name
- node-mermaid
- Purl
- pkg:deb/debian/node-mermaid?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.7.0+ds+~cs27.17.17-3
8.7.0+ds+~cs27.17.17-3+deb11u1
8.7.0+ds+~cs27.17.17-3+deb11u2
8.9.1+ds+~cs26.20.25-1
8.9.3+ds+~cs29.13.19-1
8.11.0+ds+~cs29.13.22-1
8.13.2+ds+~cs30.13.21-1
8.13.2+ds+~cs30.13.21-1.1
8.13.3+ds+~cs26.13.21-1
8.13.3+ds+~cs26.13.21-2
8.13.8+~cs10.4.16-1
8.14.0+~cs11.4.14-1
Git / github.com/mermaid-js/mermaid
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mermaid-js/mermaid
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
0.*
0.1.0
0.1.1
0.2.0
0.2.1
0.2.10
0.2.13
0.2.14
0.2.15
0.2.16
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
6.*
6.0.0
7.*
7.0.0
7.0.2
7.0.3
7.0.5
8.*
8.1.0
8.10.1
8.11.0
8.11.0-rc2
8.11.1
8.11.2
8.11.3
8.11.4
8.12.0
8.12.1
8.13.0
8.13.1
8.13.10
8.13.11
8.13.2
8.13.3
8.13.4
8.13.5
8.13.6
8.13.7
8.13.8
8.13.9
8.14.0
8.2.0
8.2.1
8.2.2
8.2.3
8.2.4
8.2.5
8.2.6
8.3.0
8.4.0
8.4.1
8.4.2
8.4.3
8.4.4
8.4.6
8.4.8
8.5.1
8.5.2
8.6.0
8.6.2
8.6.3
8.6.4
8.7.0
8.8.0
8.8.1
8.8.2
8.8.3
8.9.0
8.9.1
8.9.2
8.9.3
9.*
9.0.0
9.0.1
9.1.0
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.1.6
real-8.*
real-8.13.5
Other
untagged-31c93788afe260d914bb
untagged-502e9410f3e7fd2ed484
untagged-566ebfbf21141b604025
untagged-7651dabb407ecd5631ce
untagged-78173a5e15ffdf8f1e6a
untagged-f43366252632a1a42020
untagged-f83ec2a9deaf6677e0c7
v10.*
v10.0.0
v10.0.1
v10.0.2
v10.1.0
v10.2.0
v8.*
v8.8.4
v9.*
v9.1.7
v9.2.0
v9.2.1
v9.2.2
v9.3.0
v9.4.0
v9.4.2
v9.4.3