CVE-2025-59717 · CRITICAL 9.8 · EPSS percentile 27.8%

Description

In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.36% probability of exploitation · percentile 27.8% · 2026-06-18T12:00:27Z
Published: 2025-09-19
Last modified: 2025-10-08

Underlying weaknesses (1)

CWE-843

References

  1. https://gist.github.com/thesmartshadow/dd19665f1f51a4e3c7a766e70c9eafd0
  2. https://github.com/digitalocean/do-markdownit
  3. https://www.npmjs.com/package/@digitalocean/do-markdownit

Weakness mapping (1)

Type      | Target                                                          | Confidence | Tier
Weakness  | Access of Resource Using Incompatible Type ('Type Confusion'), CWE-843 | 0%  | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE: CVE-2025-65716
  - CVE: CVE-2025-24981
  - CVE: CVE-2025-52723
  - CVE: CVE-2025-65108
  - CVE: CVE-2025-48169
  - CVE: CVE-2025-58997

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.