CVE-2025-68142
ReDoS Vulnerability in PyMdown Blocks.Caption Causes Processing Hangs
Publication date: 2025-12-16
Last updated on: 2026-02-03
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| facelessuser | pymdown-extensions | 10.16.1 |
| facelessuser | pymdown_extensions | From 1.5.0 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Regular Expression Denial of Service (ReDoS) bug in the PyMdown Extensions package, specifically in the figure caption extension module (`pymdownx.blocks.caption`). The issue is caused by an inefficient regular expression pattern that matches figure caption numbers. Because the pattern uses an unescaped dot (`.`), which matches any character, it can cause catastrophic backtracking when processing specially crafted input. This leads to long processing hangs or delays when handling unchecked user content. The vulnerability was fixed by escaping the dot in the regex pattern in version 10.16.1. [2, 1]
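The following is an added illustration of the bug class, not the project's own code: the pattern below is a constructed stand-in with the same defect the answer describes (an unescaped `.` used as the separator in a dotted figure number), not the real `pymdownx.blocks.caption` regex. It shows why the buggy and hardened forms agree on legitimate numbers yet differ on a single character, adds a small review helper that flags unescaped dots in a regex source string, and times both patterns on short inputs of the shape the record mentions. Names such as `BUGGY_NUMBER_RE`, `FIXED_NUMBER_RE` and `unescaped_dots` are assumptions of this example.

```python
import re
import time

# Constructed illustration of the CWE-1333 bug class described above. This is NOT the
# real pymdownx.blocks.caption pattern, only a pattern with the same defect: figure
# numbers such as "1", "2.3" or "4.1.7" are matched with an unescaped '.' as the
# separator. Because '.' matches any character, digits included, the engine has
# exponentially many ways to split a long run of digits before it can give up.
BUGGY_NUMBER_RE = re.compile(r"^(?:\d+.)*\d+$")

# Hardened form: the separator is a literal dot, so every character has exactly one
# possible role and a non-matching input is rejected without blow-up.
FIXED_NUMBER_RE = re.compile(r"^(?:\d+\.)*\d+$")


def is_caption_number(text, pattern=FIXED_NUMBER_RE):
    """True if `text` is a dotted figure number according to `pattern`."""
    return pattern.match(text) is not None


def unescaped_dots(pattern_source):
    """Code-review helper: indexes of '.' metacharacters in a regex source string,
    ignoring escaped dots and dots inside [...] character classes. A naive scan,
    adequate for spotting a dot that was meant as a literal separator."""
    positions = []
    in_class = False
    i = 0
    while i < len(pattern_source):
        ch = pattern_source[i]
        if ch == "\\":
            i += 2  # skip the escaped character
            continue
        if in_class:
            if ch == "]":
                in_class = False
        elif ch == "[":
            in_class = True
        elif ch == ".":
            positions.append(i)
        i += 1
    return positions


def match_seconds(pattern, text):
    """Wall-clock time for one match attempt."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Valid caption numbers behave the same under both patterns ...
    for sample in ("1", "2.3", "4.1.7"):
        print(sample, is_caption_number(sample, BUGGY_NUMBER_RE), is_caption_number(sample))
    # ... but only the buggy pattern accepts "1a2": a sign that '.' was never meant as "any char".
    print("1a2", is_caption_number("1a2", BUGGY_NUMBER_RE), is_caption_number("1a2"))
    print("unescaped dots in buggy pattern at:", unescaped_dots(BUGGY_NUMBER_RE.pattern))
    # Growth check on a run of digits ending in a non-matching character, the input shape
    # the record describes. Lengths are kept small so this finishes quickly; the buggy
    # pattern's time multiplies with every added digit while the fixed one stays flat.
    for n in (12, 18, 24):
        probe = "1" * n + "a"
        print(f"n={n}: buggy {match_seconds(BUGGY_NUMBER_RE, probe):.4f}s  "
              f"fixed {match_seconds(FIXED_NUMBER_RE, probe):.6f}s")
```

The review helper is the practical takeaway: in any pattern that parses numbers, identifiers or paths, a bare `.` next to a repeated `\d+` or `\w+` deserves a second look, because the overlap between "any character" and the repeated class is exactly what gives the engine its exponential choice of splits.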
How can this vulnerability impact me?
If you use a vulnerable version of PyMdown Extensions (prior to 10.16.1) and process unchecked or untrusted user content with the figure caption extension enabled, an attacker can craft malicious input that triggers the inefficient regular expression. This can cause your system to hang or experience long delays while processing the input, effectively resulting in a denial of service. This can disrupt normal operations and degrade system availability. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether your system uses a version of pymdown-extensions prior to 10.16.1, specifically with the `pymdownx.blocks.caption` extension in use. Since the issue is a ReDoS vulnerability triggered by crafted input that causes long processing hangs, detection can also involve monitoring for unusually long processing times or hangs when rendering Markdown content with figure captions. The resources provide no specific detection commands, but you can check the installed version of pymdown-extensions with `pip show pymdown-extensions` or `pip list | grep pymdown-extensions` to verify whether it is older than 10.16.1. Additionally, testing with a proof-of-concept payload that causes the regex to hang (e.g., a long sequence of '1's followed by an 'a' in figure captions) can help confirm the vulnerability in your environment. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate steps to mitigate this vulnerability are to upgrade pymdown-extensions to version 10.16.1 or later, where the ReDoS issue in the figure caption extension is fixed. If upgrading is not immediately possible, avoid using the `pymdownx.blocks.caption` extension, especially when processing untrusted or unchecked user content. Additionally, implement timeouts or other safeguards to prevent processing of very large or maliciously crafted inputs that could trigger the vulnerability. [2]
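As an added example covering both the detection and the mitigation answers above (not code from the project or the advisory), the script below does two things: it checks the installed pymdown-extensions version against the affected range listed in the record (1.5.0 inclusive up to the fix in 10.16.1) and whether the caption extension is among the configured extensions, and it wraps rendering in the size cap and wall-clock limit the mitigation answer recommends. The limit is enforced by running the renderer in a child interpreter, because an in-process alarm only fires once the interpreter regains control, which a single runaway regex match may not yield. The constant names, `render_isolated`, `timeout_fires` and the stand-in `DEMO_RENDERER` are assumptions of this example; the commented-out real renderer assumes the Python-Markdown package's `markdown.markdown(text, extensions=[...])` call.

```python
import importlib.metadata
import re
import subprocess
import sys

# Affected range as listed in the record above: 1.5.0 (inclusive) up to, but not
# including, the fixed release 10.16.1.
DISTRIBUTION = "pymdown-extensions"
FIRST_AFFECTED = (1, 5, 0)
FIXED_IN = (10, 16, 1)
CAPTION_EXTENSION = "pymdownx.blocks.caption"


def parse_version(version):
    """'10.16.1' -> (10, 16, 1); '10.16' -> (10, 16, 0). Pre-release and local tags
    such as 'rc1' or '+local' are dropped (a simplification adequate for a release check)."""
    head = re.match(r"\d+(?:\.\d+)*", version)
    if head is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in head.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable_version(version):
    return FIRST_AFFECTED <= parse_version(version) < FIXED_IN


def installed_status():
    """(version, vulnerable) for the installed distribution, or (None, False) if absent.
    Equivalent to reading the Version line of `pip show pymdown-extensions`."""
    try:
        version = importlib.metadata.version(DISTRIBUTION)
    except importlib.metadata.PackageNotFoundError:
        return None, False
    return version, is_vulnerable_version(version)


def exposure(extensions, version):
    """Both conditions from the record: vulnerable version AND caption extension enabled."""
    return is_vulnerable_version(version) and CAPTION_EXTENSION in extensions


class RenderTimeout(Exception):
    pass


# Constructed stand-in renderer used by the demo: wraps stdin in <p>...</p>.
DEMO_RENDERER = "import sys; sys.stdout.write('<p>' + sys.stdin.read() + '</p>')"
# What a real deployment would pass instead (assumes the Python-Markdown package):
# "import sys, markdown; sys.stdout.write(markdown.markdown(sys.stdin.read(), extensions=['pymdownx.blocks.caption']))"


def render_isolated(text, renderer_code=DEMO_RENDERER, seconds=2.0, max_bytes=64_000):
    """Size cap plus a wall-clock limit enforced from outside the rendering process.
    subprocess.run kills the child when the timeout expires, so a stalled match
    cannot hold the calling service hostage."""
    if len(text.encode("utf-8")) > max_bytes:
        raise ValueError(f"input exceeds {max_bytes} bytes")
    try:
        result = subprocess.run(
            [sys.executable, "-c", renderer_code],
            input=text, capture_output=True, text=True, timeout=seconds, check=True,
        )
    except subprocess.TimeoutExpired as exc:
        raise RenderTimeout(f"rendering exceeded {seconds}s") from exc
    return result.stdout


def timeout_fires(renderer_code, seconds=0.5):
    """Self-check for a deployment: does the limit actually stop a renderer that stalls?"""
    try:
        render_isolated("x", renderer_code=renderer_code, seconds=seconds)
    except RenderTimeout:
        return True
    return False


if __name__ == "__main__":
    version, vulnerable = installed_status()
    print("installed:", version, "vulnerable:", vulnerable)
    print(render_isolated("Hello, **world**"))
    print("limit works:", timeout_fires("import time; time.sleep(10)"))
```

The version check is a point-in-time control; the process-level limit is what keeps a renderer exposed to user content available even if a further pattern in some other extension turns out to backtrack badly.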