CVE-2025-59940
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-02
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mondeja | mkdocs-include-markdown-plugin | 7.1.8 |
| mondeja | mkdocs-include-markdown-plugin | 7.1.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in mkdocs-include-markdown-plugin versions 7.1.7 and below involves unvalidated input that can collide with substitution placeholders. This means that the plugin does not properly validate certain inputs, which can interfere with how placeholders are substituted in Markdown content. The issue is fixed in version 7.1.8.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unintended or malicious input to interfere with the Markdown content processing, potentially leading to integrity issues or denial of service. According to the CVSS score, it has a base score of 6.5 with no confidentiality impact but with low complexity and no privileges required, causing integrity and availability impacts.
What immediate steps should I take to mitigate this vulnerability?
Upgrade mkdocs-include-markdown-plugin to version 7.1.8 or later, as this version contains the fix for the vulnerability.