CVE-2025-6496: NULL Pointer Dereference in HTACG tidy-html5
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-6496 is a NULL pointer dereference in HTACG tidy-html5 version 5.8.0, in the InsertNodeAsParent function of the src/parser.c source file. The function manipulates data structures without properly validating pointers, and the resulting dereference leads to a crash or denial of service. Exploitation requires local access with low privileges; no user interaction or authentication beyond local access is necessary, which makes the issue a concern for environments where untrusted users have local system access. The vulnerability does not affect confidentiality or integrity directly but impacts availability by causing application crashes or service interruptions. It has been publicly disclosed, and proof-of-concept exploits are available, though no widespread exploitation has been observed in the wild to date. The CVSS v4.0 score is 4.8 (medium severity), reflecting the limited attack vector (local access) and the impact primarily on availability. The tidy-html5 library is commonly used for HTML parsing and cleaning in various software projects, including web servers, content management systems, and development tools, so a wide range of applications that embed or rely on this library for HTML processing may be indirectly affected.
Potential Impact
For European organizations, the primary impact of CVE-2025-6496 lies in potential denial-of-service conditions in applications or services that incorporate the vulnerable tidy-html5 5.8.0 library. This could lead to service outages or application crashes, affecting availability and potentially disrupting business operations, especially in environments where local user access is granted to multiple users or where sandboxing is insufficient. While the vulnerability does not directly compromise data confidentiality or integrity, availability disruptions can impact critical services, particularly in sectors such as finance, healthcare, and government, where uptime is crucial. Organizations using software that bundles tidy-html5 5.8.0 or custom applications that directly integrate this library are at risk. The requirement for local access limits remote exploitation, but insider threats or compromised accounts with local access could leverage this vulnerability to cause denial of service. Additionally, development and testing environments that use this library may experience instability, potentially delaying deployment or updates.
Mitigation Recommendations
1. Upgrade: The most effective mitigation is to upgrade tidy-html5 to a version later than 5.8.0 where this vulnerability is patched. Monitor HTACG project releases and apply updates promptly.
2. Access Control: Restrict local access to systems running applications that use tidy-html5, ensuring only trusted users have local login capabilities.
3. Sandboxing: Run applications using tidy-html5 in isolated environments or containers with limited privileges to contain potential crashes and prevent broader system impact.
4. Input Validation: Implement strict input validation and sanitization before passing data to tidy-html5 to reduce the likelihood of triggering the null pointer dereference.
5. Monitoring: Deploy monitoring to detect abnormal application crashes or service interruptions that may indicate exploitation attempts.
6. Incident Response: Prepare response plans for denial-of-service incidents related to this vulnerability, including rapid restart procedures and fallback mechanisms.
7. Vendor Coordination: If tidy-html5 is embedded in third-party software, coordinate with vendors to ensure timely patching and updates.
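One way to combine the sandboxing and monitoring recommendations is to run the parser in a child process, so a NULL pointer dereference ends only that process and is reported as a crash. The following is an added example, not code from the advisory or from the tidy-html5 project; it assumes a POSIX host with the tidy command-line tool on PATH, and the names run_isolated, TIDY_CMD and SAMPLE_HTML are hypothetical.

```python
import resource
import signal
import subprocess

# Assumption: the tidy CLI is on PATH; -q (quiet) and -errors are tidy options.
TIDY_CMD = ["tidy", "-q", "-errors"]
# Constructed sample input, for illustration only.
SAMPLE_HTML = b"<!DOCTYPE html><title>t</title><p>hello</p>"


def _limit_child():
    # Runs in the child before exec: no core dumps, at most 5 s of CPU time.
    for res, want in ((resource.RLIMIT_CORE, 0), (resource.RLIMIT_CPU, 5)):
        _, hard = resource.getrlimit(res)
        soft = want if hard == resource.RLIM_INFINITY else min(want, hard)
        resource.setrlimit(res, (soft, hard))


def run_isolated(html, cmd=TIDY_CMD, timeout=10):
    """Parse html in a child process and classify how that process ended."""
    try:
        proc = subprocess.run(cmd, input=html, capture_output=True,
                              timeout=timeout, preexec_fn=_limit_child)
    except subprocess.TimeoutExpired:
        return {"status": "timeout", "signal": None, "alert": True}
    except FileNotFoundError:
        return {"status": "unavailable", "signal": None, "alert": False}
    if proc.returncode < 0:
        # Negative return code: killed by a signal. A NULL pointer
        # dereference in the parser surfaces here as SIGSEGV.
        try:
            name = signal.Signals(-proc.returncode).name
        except ValueError:
            name = f"signal {-proc.returncode}"
        return {"status": "crashed", "signal": name, "alert": True}
    # tidy exit status: 0 = clean, 1 = warnings, 2 = errors.
    status = {0: "ok", 1: "warnings", 2: "errors"}.get(proc.returncode, "failed")
    return {"status": status, "signal": None, "alert": False}


if __name__ == "__main__":
    print(run_isolated(SAMPLE_HTML))
```

Results with alert set to True are the ones to forward to crash monitoring; the calling service keeps running and can reject or quarantine the input that caused them.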
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-22T19:04:16.751Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68589a0a179a4edd60b5be75
Added to database: 6/23/2025, 12:04:26 AM
Last enriched: 6/23/2025, 12:19:37 AM
Last updated: 6/23/2025, 1:06:45 AM
Related Threats
- CVE-2025-6497: Reachable Assertion in HTACG tidy-html5 (Medium)
- CVE-2025-52926: CWE-223 Omission of Security-relevant Information in spytrap-org spytrap-adb (Low)
- CVE-2025-6494: Heap-based Buffer Overflow in sparklemotion nokogiri (Medium)
- CVE-2025-6493: Inefficient Regular Expression Complexity in CodeMirror (Medium)
- CVE-2025-6492: Inefficient Regular Expression Complexity in MarkText (Medium)