UBUNTU-CVE-2025-54880

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-54880

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-54880.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-54880

Upstream

CVE-2025-54880

Published

2025-08-20T00:00:00Z

Modified

2025-08-21T07:03:16.250523Z

Severity

5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0.

References

Affected packages

Ubuntu:22.04:LTS / node-mermaid

Package

Name: node-mermaid
Purl: pkg:deb/ubuntu/node-mermaid@8.13.8+~cs10.4.16-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.7.0+ds+~cs27.17.17-3

8.13.3+ds+~cs26.13.21-1

8.13.3+ds+~cs26.13.21-2

8.13.8+~cs10.4.16-1