CVE-2025-9670 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-9670 PUBLISHED CVSS 6.900000095367432 MEDIUM

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

EPSS 0.06% · 18.1th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

EPSS Score

0.06%

18.1th percentile

Affected Products

Vendor	Product	Versions
mixmark-io	turndown	7.2.0, 7.2.1, 7.2.0

Timeline

Aug 29, 2025 CVE Published
Aug 29, 2025 CVE Updated
Aug 29, 2025 PoC Published
Aug 30, 2025 EPSS Score
Sep 6, 2025 EPSS Score
Sep 13, 2025 EPSS Score
Sep 20, 2025 EPSS Score
Sep 28, 2025 EPSS Score
Oct 5, 2025 EPSS Score
Oct 12, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 26, 2025 EPSS Score

References

Open in Interactive Console →