CVE-2025-8263 - Vulnerability Details

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Prettier	Prettier

No data.

References

Link	Providers
https://github.com/prettier/prettier/issues/17737
https://github.com/prettier/prettier/issues/17737#issue-3238184068
https://nvd.nist.gov/vuln/detail/CVE-2025-8263
https://vuldb.com/?ctiid.317851
https://vuldb.com/?id.317851
https://vuldb.com/?submit.617593
https://www.cve.org/CVERecord?id=CVE-2025-8263

History

Sat, 02 Aug 2025 09:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:a:prettier:prettier::::::::
Metrics	cvssV2_0 `{'score': 4.0, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}`	cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

Sat, 02 Aug 2025 09:15:00 +0000

Type	Values Removed	Values Added
Title	prettier parser-postcss.js parseNestedCSS redos	prettier: prettier parseNestedCSS ReDoS
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 02 Aug 2025 08:45:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.	REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Metrics	cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`	cvssV2_0 `{'score': 4.0, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Thu, 31 Jul 2025 19:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:prettier:prettier::::::::

Tue, 29 Jul 2025 12:30:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-8263 https://www.cve.org/CVERecord?id=CVE-2025-8263
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 29 Jul 2025 08:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Prettier Prettier prettier
Vendors & Products		Prettier Prettier prettier

Mon, 28 Jul 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 28 Jul 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in prettier up to 3.6.2. It has been declared as problematic. Affected by this vulnerability is the function parseNestedCSS of the file src/language-css/parser-postcss.js. The manipulation of the argument node leads to inefficient regular expression complexity. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Title		prettier parser-postcss.js parseNestedCSS redos
Weaknesses		CWE-1333 CWE-400
References		https://github.com/prettier/prettier/issues/17737 https://github.com/prettier/prettier/issues/17737#issue-3238184068 https://vuldb.com/?ctiid.317851 https://vuldb.com/?id.317851 https://vuldb.com/?submit.617593
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}`

MITRE

Status: REJECTED

Assigner: VulDB

Published: 2025-07-28T07:32:05.605Z

Updated: 2025-08-02T08:42:19.309Z

Reserved: 2025-07-26T16:29:27.258Z

Link: CVE-2025-8263

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-07-28T08:15:22.520

Modified: 2025-08-02T09:15:28.097

Link: CVE-2025-8263

Redhat

Severity : Moderate

Publid Date: 2025-07-28T07:32:05Z

Links: CVE-2025-8263 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object