Vulnerability Description
Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Python-Markdown | Markdown | 3.8 |
Related Weaknesses (CWE)
References
- https://github.com/Python-Markdown/markdownProduct
- https://github.com/Python-Markdown/markdown/actions/runs/15736122892Product
- https://github.com/Python-Markdown/markdown/issues/1534ExploitIssue Tracking
- http://www.openwall.com/lists/oss-security/2026/03/06/4Mailing ListThird Party Advisory
FAQ
What is CVE-2025-69534?
CVE-2025-69534 is a vulnerability with a CVSS score of 7.5 (HIGH). Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Ma...
How severe is CVE-2025-69534?
CVE-2025-69534 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-69534?
Check the references section above for vendor advisories and patch information. Affected products include: Python-Markdown Markdown.