UBUNTU-CVE-2025-6493

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-6493

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-6493

Upstream

CVE-2025-6493

Published

2025-06-22T22:15:00Z

Modified

2026-01-20T18:39:02.473441Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

A weakness has been identified in CodeMirror up to 5.65.20. Affected is an unknown function of the file mode/markdown/markdown.js of the component Markdown Mode. This manipulation causes inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 6.0 is able to address this issue. You should upgrade the affected component. Not all code samples mentioned in the GitHub issue can be found. The repository mentions, that "CodeMirror 6 exists, and is [...] much more actively maintained."

References

Affected packages

Ubuntu:16.04:LTS

codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/ubuntu/codemirror-js@5.4.0-1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.4.0-1",
            "binary_name": "libjs-codemirror"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json"

Ubuntu:18.04:LTS

codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/ubuntu/codemirror-js@5.19.0-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.4.0-1

5.19.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.19.0-1",
            "binary_name": "libjs-codemirror"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json"

Ubuntu:20.04:LTS

codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/ubuntu/codemirror-js@5.51.0-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.43.0-1

5.49.2-1

5.50.2-1

5.51.0-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.51.0-1",
            "binary_name": "libjs-codemirror"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json"

Ubuntu:22.04:LTS

codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/ubuntu/codemirror-js@5.65.0+~cs5.83.9-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.59.2+~cs0.23.109-1

5.62.2+~cs5.83.6-1

5.63.3+~cs5.83.9-1

5.65.0+~cs5.83.9-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.65.0+~cs5.83.9-1",
            "binary_name": "libjs-codemirror"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json"

Ubuntu:24.04:LTS

codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/ubuntu/codemirror-js@5.65.0+~cs5.83.9-3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.65.0+~cs5.83.9-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.65.0+~cs5.83.9-3",
            "binary_name": "libjs-codemirror"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json"

Ubuntu:25.10

codemirror-js

Package

Name: codemirror-js
Purl: pkg:deb/ubuntu/codemirror-js@5.65.0+~cs5.83.9-3?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.65.0+~cs5.83.9-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "5.65.0+~cs5.83.9-3",
            "binary_name": "libjs-codemirror"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-6493.json"