CVE-2025-58451
HIGHcattown < 1.0.2 - Denial of Service via Inefficient Regular Expression Complexity
Title source: llmDescription
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource exhaustion, where processing malicious inputs could cause high CPU or memory usage, potentially leading to denial of service. Version 1.0.2 contains a patch. Additionally, users should review and restrict input sources if untrusted inputs are processed.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/IEatUranium238/Cattown/security/advisories/GHSA-455v-w7r9-3vv9
Patch x_refsource_misc
https://github.com/IEatUranium238/Cattown/commit/70c2a28fb7dc520cfb7e401e0e141bff3dd26ead
Scores
CVSS v4
8.7
EPSS
0.0031
EPSS Percentile
22.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1333
CWE-400
Status
published
Products (2)
IEatUranium238/Cattown
< 1.0.2
npm/cattown
0 - 1.0.2npm
Published
Sep 08, 2025
Tracked Since
Feb 18, 2026