
Cloud Vulnerability DB
A community-led vulnerabilities database
A vulnerability (CVE-2025-5897) was discovered in vuejs vue-cli versions up to 5.0.8. It affects the HtmlPwaPlugin function in the file packages/@vue/cli-plugin-pwa/lib/HtmlPwaPlugin.js of the Markdown Code Handler component. The vulnerability has been classified as problematic: it involves inefficient regular expression complexity, and an attack can be initiated remotely (VulDB, NVD).
The weakness is classified under CWE-1333 (Inefficient Regular Expression Complexity) and CWE-400 (Uncontrolled Resource Consumption). It has a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, and a CVSS v4.0 Base Score of 5.3 (MEDIUM) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (NVD).
When specially crafted input strings are processed, the vulnerability can lead to extremely high CPU usage, application freezing, or denial of service. The primary impact is on system availability, with no direct effect on confidentiality or integrity (GitHub PR).
The recommended mitigation is to upgrade to a patched version of vue-cli. A fix has been proposed through a pull request on GitHub that addresses the inefficient regular expression issue (GitHub PR).
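To find where the affected code is installed, the check below walks an npm lockfile and reports every copy of the plugin at or below 5.0.8, including nested transitive copies. It is an added example, not code from vue-cli or from this database; the package name @vue/cli-plugin-pwa is inferred from the file path above, the helper names and sample lockfile are constructed, and because the page names no fixed release the check only reports the affected range.

```javascript
// Assumptions: the npm package is @vue/cli-plugin-pwa (inferred from the path
// on the page) and "up to 5.0.8" means every version <= 5.0.8.
const AFFECTED_PKG = "@vue/cli-plugin-pwa";
const LAST_AFFECTED = [5, 0, 8];

// Parse "major.minor.patch"; any prerelease or build suffix is ignored.
function parseCore(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(version));
  return m ? m.slice(1).map(Number) : null;
}

function isAffected(version) {
  const v = parseCore(version);
  if (!v) return true; // git URL, link or tag: report it for manual review
  for (let i = 0; i < 3; i++) {
    if (v[i] !== LAST_AFFECTED[i]) return v[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 5.0.8
}

// Lockfile v2/v3 lists installs under "packages" keyed by path;
// lockfile v1 nests them under "dependencies".
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/" + AFFECTED_PKG) && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === AFFECTED_PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (v3 layout), not taken from a real project.
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@vue/cli-plugin-pwa": { version: "5.0.8" },
  "node_modules/@vue/cli-service": { version: "5.0.8" },
  "node_modules/legacy-kit/node_modules/@vue/cli-plugin-pwa": { version: "4.5.19" },
} };
console.log(findAffected(SAMPLE_LOCK));
```

For a real project, pass `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))` to `findAffected` in place of the sample.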
Source: This report was generated using AI