CVE-2025-6498

LOW

Htacg Tidy - Memory Leak

Title source: rule

Description

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

References (5)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.313614

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.313614

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.601009

[Exploit, Issue Tracking] https://github.com/htacg/tidy-html5/issues/1152

[Exploit] https://github.com/user-attachments/files/20438303/tidy-html5_crash_3.txt

Scores

CVSS v3 3.3

EPSS 0.0013

EPSS Percentile 32.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-401 CWE-404

Status published

Products (1)

htacg/tidy 5.8.0

Published Jun 23, 2025

Tracked Since Feb 18, 2026