CVE-2025-66400
📋 TL;DR
CVE-2025-66400 is a vulnerability in mdast-util-to-hast versions 13.0.0 through 13.2.0 that allows attackers to inject multiple unprefixed classnames into rendered HTML via character references in markdown. This could make malicious markdown elements blend in with legitimate page styling, potentially enabling phishing or UI deception attacks. Applications using vulnerable versions of this library to render user-supplied markdown are affected.
💻 Affected Systems
- mdast-util-to-hast
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could create markdown elements that perfectly mimic legitimate page components, enabling sophisticated phishing attacks, credential theft, or content manipulation that appears legitimate to users.
Likely Case
Limited UI deception where attackers can make their content appear styled like legitimate page elements, potentially tricking users into interacting with malicious content.
If Mitigated
With proper input sanitization and output encoding, the impact is minimal as the class injection would be neutralized before rendering.
🎯 Exploit Status
Exploitation requires the ability to supply markdown content that gets rendered by the vulnerable library. No authentication bypass is needed if markdown input is accepted from unauthenticated users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 13.2.1
Vendor Advisory: https://github.com/syntax-tree/mdast-util-to-hast/security/advisories/GHSA-4fh9-h7wg-q85m
Restart Required: No
Instructions:
1. Update mdast-util-to-hast to version 13.2.1 or later.
2. Run 'npm update mdast-util-to-hast' or update your package.json to specify '^13.2.1'.
3. Rebuild and redeploy your application.
🔧 Temporary Workarounds
Input Sanitization
Sanitize user-supplied markdown to remove or escape character references before processing it with mdast-util-to-hast.
Output Encoding
Apply HTML encoding to class attributes in the rendered output to neutralize injected classnames.
🧯 If You Can't Patch
- Implement strict content security policies to limit the impact of injected classnames
- Disable user markdown rendering or implement approval workflows for user content
🔍 How to Verify
Check if Vulnerable:
Check your package.json or package-lock.json for the installed mdast-util-to-hast version (including nested copies under other dependencies). If the version is between 13.0.0 and 13.2.0 inclusive, you are vulnerable.
Check Version:
npm list mdast-util-to-hast
Verify Fix Applied:
Verify mdast-util-to-hast version is 13.2.1 or higher. Test that character references in markdown class attributes are properly escaped in rendered output.
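The following script is an added example, not part of this advisory or of the mdast-util-to-hast project. It checks every copy of mdast-util-to-hast recorded in an npm lockfile against the affected range 13.0.0 through 13.2.0, including nested copies that `npm list` shows under another dependency. It assumes the lockfile v2/v3 layout, where installs are listed under a "packages" map keyed by node_modules path; the sample lockfile embedded below is constructed for illustration.

```javascript
// Added example (not from the advisory or the mdast-util-to-hast project):
// flag installed copies of mdast-util-to-hast whose version falls in the
// CVE-2025-66400 affected range 13.0.0 through 13.2.0 inclusive.
// Assumes an npm lockfile in v2/v3 layout ("packages" keyed by node_modules path).

const AFFECTED_MIN = [13, 0, 0];
const AFFECTED_MAX = [13, 2, 0];
const PACKAGE_NAME = "mdast-util-to-hast";

// Parse "13.2.1" (optional "v" prefix or pre-release/build suffix) into [major, minor, patch].
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(version).trim());
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Lexicographic comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True when the version is inside the affected range. Unparsable versions are
// reported as vulnerable so they get looked at by hand instead of being ignored.
function isVulnerableVersion(version) {
  const v = parseSemver(version);
  if (!v) return true;
  return compareSemver(v, AFFECTED_MIN) >= 0 && compareSemver(v, AFFECTED_MAX) <= 0;
}

// Walk every install recorded in the lockfile, including nested copies under
// another dependency's node_modules, and report each with its status.
function findInstalls(lockfile) {
  const results = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const direct = path === "node_modules/" + PACKAGE_NAME;
    const nested = path.endsWith("/node_modules/" + PACKAGE_NAME);
    if (direct || nested) {
      results.push({ path, version: entry.version, vulnerable: isVulnerableVersion(entry.version) });
    }
  }
  return results;
}

// Constructed sample lockfile: a direct install already on the patched release,
// plus a nested copy pulled in by a hypothetical dependency that is still affected.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/mdast-util-to-hast": { version: "13.2.1" },
    "node_modules/some-markdown-renderer": { version: "2.0.0" },
    "node_modules/some-markdown-renderer/node_modules/mdast-util-to-hast": { version: "13.1.0" },
  },
};

// Report every install; a non-empty "vulnerable" list means the fix is not fully applied.
const installs = findInstalls(SAMPLE_LOCKFILE);
for (const i of installs) {
  console.log(`${i.vulnerable ? "VULNERABLE" : "ok        "} ${i.version}  ${i.path}`);
}
```

To run this against a real project, replace SAMPLE_LOCKFILE with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`. The point of walking the whole "packages" map rather than only the top-level entry is that a transitive dependency can pin its own affected copy even after the direct dependency has been updated to 13.2.1.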
📡 Detection & Monitoring
Log Indicators:
- Unusual markdown input patterns with character references in class attributes
- Multiple class attributes in rendered HTML from user content
Network Indicators:
- Markdown submissions containing encoded HTML entities in class attributes
SIEM Query:
Search for markdown submissions containing '&' followed by class-related patterns in web application logs
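As an added example that is not part of this advisory, the script below turns the search described above into something that can be run over application logs. The log format is an assumption: one JSON object per line with a "body" field holding the raw submitted markdown, and the sample lines are constructed. Every character reference in a submission is decoded and reported; references that decode to whitespace are ranked highest, because HTML class attributes are whitespace-separated and so those are the ones most relevant to the multiple-classnames behaviour this CVE describes (that ranking is my choice, not something the advisory specifies).

```javascript
// Added example (not from the advisory or the mdast-util-to-hast project):
// triage logged markdown submissions for character references.
// Assumed log format: one JSON object per line, with the raw markdown in "body".

// Small table of named references; unknown names are left undecoded, as a parser would.
const NAMED_REFERENCES = {
  amp: "&", lt: "<", gt: ">", quot: '"', apos: "'",
  nbsp: "\u00a0", Tab: "\t", NewLine: "\n",
};

// Decode a numeric code point, or return null when it is out of Unicode range.
function codePointToString(n) {
  return n <= 0x10ffff ? String.fromCodePoint(n) : null;
}

// Find every decimal, hex or named character reference and decode it.
function findCharacterReferences(text) {
  const found = [];
  const re = /&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([A-Za-z][A-Za-z0-9]*));/g;
  let m;
  while ((m = re.exec(text)) !== null) {
    let decoded = null;
    if (m[1] !== undefined) decoded = codePointToString(Number(m[1]));
    else if (m[2] !== undefined) decoded = codePointToString(parseInt(m[2], 16));
    else if (Object.prototype.hasOwnProperty.call(NAMED_REFERENCES, m[3])) decoded = NAMED_REFERENCES[m[3]];
    if (decoded === null) continue; // unknown name or invalid code point
    found.push({ raw: m[0], decoded, index: m.index });
  }
  return found;
}

// Rank one submission: "high" if any reference decodes to whitespace,
// "low" if it contains other references, "none" otherwise.
function triageSubmission(body) {
  const references = findCharacterReferences(body);
  const whitespaceReferences = references.filter(r => /\s/.test(r.decoded));
  let severity = "none";
  if (whitespaceReferences.length > 0) severity = "high";
  else if (references.length > 0) severity = "low";
  return { severity, references, whitespaceReferences };
}

// Scan JSON log lines; malformed lines and records without a string body are skipped.
function scanLogLines(lines) {
  const hits = [];
  for (const line of lines) {
    let record;
    try { record = JSON.parse(line); } catch { continue; }
    if (typeof record.body !== "string") continue;
    const result = triageSubmission(record.body);
    if (result.severity !== "none") hits.push({ ts: record.ts, user: record.user, path: record.path, ...result });
  }
  return hits;
}

// Constructed sample log lines: a clean comment, a benign use of named references,
// a submission with whitespace-decoding references, and one malformed line.
const SAMPLE_LOG_LINES = [
  '{"ts":"2025-12-01T10:00:00Z","user":"alice","path":"/api/comments","body":"Plain **markdown** comment"}',
  '{"ts":"2025-12-01T10:00:05Z","user":"bob","path":"/api/comments","body":"Use &lt;div&gt; for layout"}',
  '{"ts":"2025-12-01T10:00:09Z","user":"mallory","path":"/api/comments","body":"Look at this&#32;text with&NewLine;references"}',
  'not json at all',
];

for (const hit of scanLogLines(SAMPLE_LOG_LINES)) {
  console.log(`${hit.severity.toUpperCase()} ${hit.ts} ${hit.user} ${hit.path} refs=${hit.references.map(r => r.raw).join(",")}`);
}
```

Benign references such as `&lt;` in a code-oriented comment will show up as "low" hits, so the "high" tier is the one worth alerting on; the "low" tier is better kept as a volume baseline for the markdown endpoints you care about.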