CVE-2025-65108: CWE-94: Improper Control of Generation of Code ('Code Injection') in simonhaenisch md-to-pdf
md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains a JavaScript delimiter causes the JS engine in the gray-matter library to execute arbitrary code in the Markdown-to-PDF converter process of the md-to-pdf library, resulting in remote code execution. This issue has been patched in version 5.2.5.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-65108 affects the md-to-pdf CLI tool, which converts Markdown files to PDF using Node.js and headless Chrome. The root cause is improper control of code generation (CWE-94) within the gray-matter library, which md-to-pdf relies on to parse Markdown front-matter. Specifically, if the front-matter block carries a JavaScript delimiter, gray-matter's JavaScript engine evaluates the block's contents as code during the Markdown-to-PDF conversion. This leads to remote code execution (RCE) without authentication or user interaction, allowing an attacker to run arbitrary code on the host with the privileges of the md-to-pdf process. The vulnerability affects all versions prior to 5.2.5 and has been patched in that release. The CVSS 3.1 base score is 10.0, indicating critical severity: network attack vector, low attack complexity, no privileges required, no user interaction, and complete impact on confidentiality, integrity, and availability. Although no exploits are reported in the wild yet, the ease of exploitation and the severity make this a high-risk vulnerability. Organizations using md-to-pdf in automated workflows or exposed environments are particularly at risk, especially if they process Markdown files from untrusted or external sources.
Potential Impact
For European organizations, the impact of this vulnerability is significant. Exploitation could lead to full system compromise, data theft, unauthorized modification of documents, or disruption of PDF generation services. This is especially critical for sectors relying heavily on automated documentation, publishing, or software development pipelines that incorporate md-to-pdf. Confidential information embedded in Markdown files or generated PDFs could be exposed or altered. The availability of systems could be disrupted by attackers executing destructive payloads. Given the critical severity and ease of exploitation, organizations face risks of operational downtime, reputational damage, and potential regulatory penalties under GDPR if personal data is compromised. The vulnerability's network accessibility and lack of authentication requirements increase the attack surface, making it a prime target for attackers aiming to infiltrate European IT environments.
Mitigation Recommendations
Immediate upgrade to md-to-pdf version 5.2.5 or later is essential to remediate this vulnerability. Organizations should audit their environments to identify all instances of md-to-pdf and verify version compliance. Restrict Markdown input sources to trusted users and systems to reduce exposure to maliciously crafted files. Implement input validation and sanitization for Markdown front-matter to detect and block JavaScript delimiters or suspicious content. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions to monitor for anomalous process behavior during PDF generation. Consider isolating md-to-pdf execution in sandboxed or containerized environments with minimal privileges to limit potential damage from exploitation. Regularly review and update dependencies like gray-matter to their latest secure versions. Finally, maintain robust incident response plans to quickly address any exploitation attempts.
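As an added example (not part of this advisory, and not code from md-to-pdf or gray-matter), the following pre-processing gate implements two of the recommendations above: it refuses any Markdown document whose front-matter block selects gray-matter's JavaScript engine before the file reaches the converter, and it checks an installed md-to-pdf version against the patched release 5.2.5. It assumes gray-matter's default delimiter convention (`---` on the first line, optionally followed by a language name such as `js`); the function names and the sample documents are this example's own.

```javascript
// Added example: front-matter gate for Markdown files destined for a
// Markdown-to-PDF converter. Assumes gray-matter's default "---" delimiter
// with an optional language token on the opening line; custom delimiters
// configured through gray-matter options are not covered here.

const PATCHED_VERSION = "5.2.5";
// Language tokens for which gray-matter selects its JavaScript engine.
const JS_ENGINE_LANGUAGES = new Set(["js", "javascript"]);

// Returns the language token on the opening delimiter line, "" when a
// front-matter block has no language, or null when there is no block.
// Whitespace between "---" and the token is tolerated deliberately so the
// gate errs on the side of rejecting.
function frontMatterLanguage(markdown) {
  const m = /^---[ \t]*([A-Za-z][\w-]*)?[ \t]*(?:\r?\n|$)/.exec(markdown);
  if (!m) return null;
  return (m[1] || "").toLowerCase();
}

// Policy decision: accept YAML/JSON/absent front-matter, reject a block
// that would be evaluated as JavaScript.
function inspectFrontMatter(markdown) {
  const lang = frontMatterLanguage(markdown);
  if (lang === null) return { ok: true, reason: "no front-matter block" };
  if (JS_ENGINE_LANGUAGES.has(lang)) {
    return { ok: false, reason: `front-matter selects the '${lang}' engine` };
  }
  return {
    ok: true,
    reason: lang ? `front-matter language '${lang}'` : "default (YAML) front-matter",
  };
}

// Minimal major.minor.patch comparison (pre-release tags ignored):
// true when `version` is at or above PATCHED_VERSION.
function isPatchedVersion(version) {
  const parse = (v) =>
    v.replace(/^v/, "").split(".").map((n) => parseInt(n, 10) || 0);
  const a = parse(version);
  const b = parse(PATCHED_VERSION);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) > (b[i] || 0);
  }
  return true;
}

// Constructed sample documents (not taken from any real report).
const SAMPLES = {
  yaml: "---\ntitle: Quarterly report\n---\n# Body\n",
  jsEngine: "---js\n{ title: 'Quarterly report' }\n---\n# Body\n",
  jsSpaced: "--- javascript\n{ title: 'x' }\n---\n# Body\n",
  plain: "# Body only\n",
};

// Stand-alone run: show the decision for each sample and a version check.
for (const [name, doc] of Object.entries(SAMPLES)) {
  const verdict = inspectFrontMatter(doc);
  console.log(`${name}: ${verdict.ok ? "ACCEPT" : "REJECT"} (${verdict.reason})`);
}
for (const v of ["5.2.4", "5.2.5", "v5.3.0"]) {
  console.log(`md-to-pdf ${v}: ${isPatchedVersion(v) ? "patched" : "UPGRADE REQUIRED"}`);
}
```

Run this gate over files before invoking the converter (for example, as a step in the pipeline that stages Markdown for PDF generation) and fail the job on any `ok: false` result. It complements, rather than replaces, upgrading to 5.2.5: the language token is only one way gray-matter can be told to use its JavaScript engine, so a version at or above the patched release remains the primary control.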
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-17T20:55:34.694Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6920e16727835fd566e0595a
Added to database: 11/21/2025, 10:02:15 PM
Last enriched: 11/28/2025, 10:49:39 PM
Last updated: 1/7/2026, 4:20:55 AM