CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-54880

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() method, creating a sink for cross site scripting. This vulnerability is fixed in 11.10.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 17.8%

CVSS Severity

CVSS v3 Score 6.1

References

Products affected by CVE-2025-54880

Mermaid Project » Mermaid » Version: 11.1.0

cpe:2.3:a:mermaid_project:mermaid:11.1.0
Mermaid Project » Mermaid » Version: 11.1.1

cpe:2.3:a:mermaid_project:mermaid:11.1.1
Mermaid Project » Mermaid » Version: 11.2.0

cpe:2.3:a:mermaid_project:mermaid:11.2.0
Mermaid Project » Mermaid » Version: 11.2.1

cpe:2.3:a:mermaid_project:mermaid:11.2.1
Mermaid Project » Mermaid » Version: 11.3.0

cpe:2.3:a:mermaid_project:mermaid:11.3.0
Mermaid Project » Mermaid » Version: 11.4.0

cpe:2.3:a:mermaid_project:mermaid:11.4.0
Mermaid Project » Mermaid » Version: 11.4.1

cpe:2.3:a:mermaid_project:mermaid:11.4.1
Mermaid Project » Mermaid » Version: 11.5.0

cpe:2.3:a:mermaid_project:mermaid:11.5.0
Mermaid Project » Mermaid » Version: 11.6.0

cpe:2.3:a:mermaid_project:mermaid:11.6.0
Mermaid Project » Mermaid » Version: 11.7.0

cpe:2.3:a:mermaid_project:mermaid:11.7.0
Mermaid Project » Mermaid » Version: 11.8.0

cpe:2.3:a:mermaid_project:mermaid:11.8.0
Mermaid Project » Mermaid » Version: 11.8.1

cpe:2.3:a:mermaid_project:mermaid:11.8.1
Mermaid Project » Mermaid » Version: 11.9.0

cpe:2.3:a:mermaid_project:mermaid:11.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-54880

Products

Pricing

Contact Us