CVE-2025-45525
BaseFortify
Publication date: 2025-06-17
Last updated on: 2025-08-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-45525 is a null pointer dereference vulnerability in microlight.js version 0.0.7, a lightweight syntax highlighting library. The issue occurs when the library processes elements with non-standard CSS color values. It uses a regular expression to extract RGB/RGBA color components from an element's computed style. If the CSS color value does not match the expected format, the regex returns null, but the library fails to check this before accessing properties on the result. This leads to an uncaught TypeError and crashes the application. [1]
How can this vulnerability impact me? :
This vulnerability can cause Denial of Service (DoS) by crashing browser tabs running applications that use microlight.js. It can create unstable user experiences and potentially cause data loss if users have unsaved work in affected tabs. [1]