CVE-2025-69534

Name
CVE-2025-69534
Description
Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://github.com/Python-Markdown/markdown
cve@mitre.org https://github.com/Python-Markdown/markdown/actions/runs/15736122892
cve@mitre.org https://github.com/Python-Markdown/markdown/issues/1534
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2026/03/06/4

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:python-markdown:markdown:3.8:*:*:*:*:python:*:* py3-markdown == None == 3.8

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
py3-markdown edge-main 3.8-r0 fossdd <fossdd@pwned.life> possibly vulnerable
py3-markdown 3.22-main 3.8-r0 fossdd <fossdd@pwned.life> possibly vulnerable