debian · CVE-2025-9670

Quick triage

Priority: not yet assigned Published: Updated: Fri, 17 Jul 2026 14:09:35 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-9670 not yet assigned priority: Debian including 1 source packages (node-turndown), 4 status rows across 4 suites (bookworm, forky, sid, trixie): open 2, resolved 2.

Description:

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

cvelogic Threat Intelligence