
CVE-2025-66400: CWE-20: Improper Input Validation in syntax-tree mdast-util-to-hast

Severity: Medium
Tags: vulnerability, cve-2025-66400, cwe-20, cwe-915
Published: Mon Dec 01 2025 (12/01/2025, 22:17:42 UTC)
Source: CVE Database V5
Vendor/Project: syntax-tree
Product: mdast-util-to-hast

Description

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

AI-Powered Analysis

Last updated: 12/08/2025, 23:14:19 UTC

Technical Analysis

CVE-2025-66400 affects mdast-util-to-hast, a syntax-tree utility that transforms markdown abstract syntax trees (mdast) into hypertext abstract syntax trees (hast). From version 13.0.0 up to but not including 13.2.1, the utility does not validate its input strictly enough: markdown source that uses character references can inject multiple unprefixed classnames into the rendered output. The flaw stems from inadequate sanitization and normalization of the values used to build class attributes, so an attacker can craft markdown that, when rendered, applies arbitrary CSS classes to code elements. User-supplied markdown code blocks can therefore be visually disguised to look like the rest of the page, which may facilitate UI spoofing or mislead users about the origin or nature of the displayed content. The vulnerability is classified under CWE-20 (Improper Input Validation) and CWE-915 (Improperly Controlled Modification of Object Prototype Attributes), pointing to insufficient input checks as the root cause. Exploitation requires no privileges or user interaction and can be performed remotely by submitting malicious markdown content. The vulnerability was publicly disclosed on December 1, 2025, with a CVSS 4.0 base score of 6.9 (medium severity). The issue is resolved in mdast-util-to-hast 13.2.1, which properly sanitizes classnames and prevents injection via character references. No known active exploits have been reported to date.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to web applications and services that process and render user-generated markdown content using affected versions of mdast-util-to-hast. The ability to inject multiple unprefixed classnames can lead to UI confusion or spoofing attacks, undermining the integrity of displayed content and potentially deceiving users into trusting malicious or altered information. This could facilitate social engineering, phishing, or misinformation campaigns, especially in sectors relying heavily on markdown for documentation, collaboration platforms, or content management systems. While the vulnerability does not directly compromise confidentiality or availability, the integrity and trustworthiness of rendered content are at risk. Organizations in finance, government, media, and critical infrastructure sectors may face reputational damage or operational disruption if attackers exploit this flaw to mislead users or inject deceptive content. The lack of required authentication or user interaction lowers the barrier for exploitation, increasing the threat surface. However, the absence of known exploits in the wild suggests limited active targeting so far, though proactive mitigation is advised.

Mitigation Recommendations

European organizations should immediately upgrade all instances of mdast-util-to-hast to version 13.2.1 or later, where the vulnerability is fixed. Where an immediate upgrade is not feasible, add input sanitization and validation layers upstream of the renderer to detect and neutralize character references that could inject unprefixed classnames. Use Content Security Policy (CSP) headers to restrict where stylesheets and inline styles may be loaded from, which limits what injected classnames can be styled to look like. Conduct thorough code reviews and security testing of markdown rendering pipelines to identify and remediate similar input validation weaknesses. Monitor markdown content submissions for anomalous patterns indicative of exploitation attempts. Additionally, educate developers and content managers about the risks of rendering untrusted markdown and encourage the use of secure libraries and frameworks. Maintain up-to-date dependency management practices and subscribe to vulnerability advisories related to syntax-tree and markdown processing tools.
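The validation layer recommended above, as an added example that is not code from the advisory or the syntax-tree project. It assumes the shape mdast-util-to-hast gives a fenced code block (a `pre` wrapping a `code` whose `className` is `['language-<lang>']`) and that hast class names serialize as a whitespace-separated token list, so one entry containing whitespace turns into several classes; the walker keeps exactly one well-formed `language-` class per `code` element and reports whatever it dropped.

```javascript
// Post-transform audit for hast trees: one strict "language-" class per <code>.
// Assumed character set for a language token; tighten it to match your highlighter.
const LANG_CLASS = /^language-[A-Za-z0-9_+#.-]+$/;

function auditCodeClasses(tree) {
  const findings = [];

  function visit(node) {
    if (node.type === 'element' && node.tagName === 'code' &&
        node.properties && node.properties.className !== undefined) {
      const raw = Array.isArray(node.properties.className)
        ? node.properties.className
        : [node.properties.className];
      // Expand on whitespace first, because the HTML serializer would do the same
      // and that is how extra, unprefixed classes would reach the browser.
      const tokens = raw.flatMap((c) => String(c).split(/\s+/)).filter(Boolean);
      const kept = tokens.filter((t) => LANG_CLASS.test(t)).slice(0, 1);
      const dropped = tokens.filter((t) => !kept.includes(t));
      if (dropped.length > 0) findings.push({ dropped, kept });
      if (kept.length > 0) node.properties.className = kept;
      else delete node.properties.className;
    }
    for (const child of node.children || []) visit(child);
  }

  visit(tree);
  return findings; // empty when every <code> already carried a single clean class
}

// Constructed sample tree: the <pre><code> shape for a fenced block whose lang
// value has already been decoded to something containing whitespace.
const sampleTree = {
  type: 'root',
  children: [{
    type: 'element', tagName: 'pre', properties: {},
    children: [{
      type: 'element', tagName: 'code',
      properties: { className: ['language-js foo bar'] },
      children: [{ type: 'text', value: 'console.log(1)\n' }],
    }],
  }],
};

const report = auditCodeClasses(sampleTree);
console.log(JSON.stringify(report)); // [{"dropped":["foo","bar"],"kept":["language-js"]}]
console.log(sampleTree.children[0].children[0].properties.className); // [ 'language-js' ]
```

Run it as a step after `toHast` and before serialization, and treat a non-empty report as a signal worth logging, since a clean markdown pipeline should never produce one.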

Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-11-28T23:33:56.364Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 692e15786dbd3477d7482169

Added to database: 12/1/2025, 10:23:52 PM

Last enriched: 12/8/2025, 11:14:19 PM

Last updated: 1/16/2026, 3:05:12 AM