CVE-2025-69534

high

Red Hat

CVSS v3 Base Score

8.2

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Published: March 5, 2026

Last Modified: March 5, 2026

Vendor: Red Hat

Description

Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.

CWE

CWE-617

Affected Products

External Secrets Operator for Red Hat OpenShiftMulticluster Engine for KubernetesRed Hat Ansible Automation Platform 2Red Hat Developer HubRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat OpenShift AI (RHOAI)Red Hat OpenShift Container Platform 4

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2025-69534

Vulnerability Report

Description

CWE

Affected Products

References