Description
md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains a JavaScript delimiter causes the JS engine in the gray-matter library to execute arbitrary code in the Markdown-to-PDF converter process of the md-to-pdf library, resulting in remote code execution. This issue has been patched in version 5.2.5.
EPSS Score:
0%
Comprehensive Technical Analysis of EUVD-2025-198317
1. Vulnerability Assessment and Severity Evaluation
The vulnerability described in EUVD-2025-198317 affects the md-to-pdf CLI tool, which converts Markdown files to PDF using Node.js and headless Chrome. The issue arises from the improper handling of JavaScript delimiters within Markdown front-matter blocks, leading to arbitrary code execution. This vulnerability is classified with a CVSS Base Score of 10.0, indicating a critical severity level. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H underscores the following characteristics:
- Attack Vector (AV:N): Network-based attack.
- Attack Complexity (AC:L): Low complexity required for exploitation.
- Privileges Required (PR:N): No privileges are required.
- User Interaction (UI:N): No user interaction is needed.
- Scope (S:C): The vulnerability affects components beyond its security scope.
- Confidentiality (C:H): High impact on confidentiality.
- Integrity (I:H): High impact on integrity.
- Availability (A:H): High impact on availability.
2. Potential Attack Vectors and Exploitation Methods
The primary attack vector involves embedding malicious JavaScript code within the front-matter block of a Markdown file. When the md-to-pdf tool processes this file, the embedded JavaScript is executed by the underlying Node.js engine, leading to remote code execution (RCE).
Exploitation Methods:
- Crafted Markdown Files: An attacker could craft a Markdown file with a front-matter block containing JavaScript code designed to execute arbitrary commands on the target system.
- Supply Chain Attacks: If the md-to-pdf tool is used in automated workflows or CI/CD pipelines, an attacker could inject malicious Markdown files into the pipeline to compromise the build environment.
3. Affected Systems and Software Versions
The vulnerability affects all versions of the md-to-pdf tool prior to version 5.2.5. Systems and environments that use this tool for converting Markdown files to PDF are at risk, including:
- Development Environments: Developers using the tool for documentation or report generation.
- CI/CD Pipelines: Automated build and deployment systems that process Markdown files.
- Content Management Systems: Platforms that integrate md-to-pdf for content conversion.
4. Recommended Mitigation Strategies
Immediate Actions:
- Update to Version 5.2.5: Upgrade the md-to-pdf tool to version 5.2.5 or later, which includes the patch for this vulnerability.
- Input Validation: Implement strict input validation and sanitization for Markdown files to prevent the inclusion of malicious front-matter blocks.
- Least Privilege: Run the md-to-pdf tool with the least privileges necessary to minimize the impact of potential exploitation.
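The input-validation step above can be enforced as a gate that runs before any file reaches the converter. The following is an added example, not code from md-to-pdf or gray-matter; it assumes the default `---` delimiter with the front-matter engine named on the opening delimiter line, and `checkFrontMatter`, `rejectedFiles` and the sample files are hypothetical names constructed here.

```javascript
// Engines allowed on the opening delimiter line; everything else is rejected.
const ALLOWED_ENGINES = new Set(['', 'yaml', 'yml']);

/**
 * Inspect the opening front-matter line of a Markdown document.
 * Returns { hasFrontMatter, engine, allowed }.
 */
function checkFrontMatter(markdown, delimiter = '---') {
  // Drop a UTF-8 BOM so it cannot hide the delimiter from this check.
  const text = markdown.charCodeAt(0) === 0xfeff ? markdown.slice(1) : markdown;
  if (!text.startsWith(delimiter)) {
    return { hasFrontMatter: false, engine: null, allowed: true };
  }
  // Everything between the delimiter and the first newline names the engine.
  const rest = text.slice(delimiter.length);
  const eol = rest.search(/\r?\n/);
  const engine = (eol === -1 ? rest : rest.slice(0, eol)).trim().toLowerCase();
  return { hasFrontMatter: true, engine, allowed: ALLOWED_ENGINES.has(engine) };
}

/** Filter a batch of { name, body } files; returns the names to block. */
function rejectedFiles(files) {
  return files
    .filter((f) => !checkFrontMatter(f.body).allowed)
    .map((f) => f.name);
}

// Constructed sample inputs (the non-YAML bodies are harmless placeholders).
const SAMPLES = [
  { name: 'plain.md', body: '# Title\n\nNo front matter.\n' },
  { name: 'yaml.md', body: '---\ntitle: Report\n---\n# Title\n' },
  { name: 'yaml-explicit.md', body: '---yaml\r\ntitle: Report\r\n---\r\n# Title\r\n' },
  { name: 'js.md', body: '---js\n{ title: "placeholder" }\n---\n# Title\n' },
  { name: 'js-spaced-bom.md', body: '\ufeff--- JavaScript\n{ title: "placeholder" }\n---\n' },
  { name: 'unknown-engine.md', body: '---coffee\ntitle: "x"\n---\n' },
];

console.log(rejectedFiles(SAMPLES));
```

The check is an allowlist and fails closed: any text other than an empty, `yaml` or `yml` engine name on the opening line blocks the file, so it complements the upgrade to 5.2.5 rather than replacing it.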
Long-Term Strategies:
- Regular Audits: Conduct regular security audits of third-party libraries and tools used in the development and deployment processes.
- Security Training: Educate developers and DevOps teams about the risks associated with processing untrusted input and the importance of secure coding practices.
- Monitoring and Logging: Implement robust monitoring and logging to detect and respond to any suspicious activities related to the md-to-pdf tool.
5. Impact on European Cybersecurity Landscape
The vulnerability poses a significant risk to organizations within the European Union that rely on the md-to-pdf tool for document conversion. The potential for remote code execution can lead to data breaches, unauthorized access, and disruption of services, impacting the confidentiality, integrity, and availability of information systems. Given the critical CVSS score, this vulnerability underscores the need for vigilant cybersecurity practices and timely patch management to protect against such threats.
6. Technical Details for Security Professionals
Vulnerability Details:
- Affected Library: gray-matter library used within md-to-pdf.
- Exploitation Trigger: JavaScript delimiters within the front-matter block of a Markdown file.
- Patch Information: The issue is resolved in md-to-pdf version 5.2.5, which includes updates to the gray-matter library to prevent arbitrary code execution.
References:
- GitHub Advisory: GHSA-547r-qmjm-8hvw
- Commit Reference: 46bdcf2051c8d1758b391c1353185a179a47a4d9
- Repository: md-to-pdf GitHub Repository
Aliases:
- CVE-2025-65108
- GHSA-547r-qmjm-8hvw
Assigner:
- GitHub_M
ENISA IDs:
- Product: md-to-pdf versions < 5.2.5
- Vendor: simonhaenisch
By addressing this vulnerability promptly and implementing robust security measures, organizations can mitigate the risks associated with this critical issue and enhance their overall cybersecurity posture.