CVE-2025-22872 is a medium-severity vulnerability that affects the tokenizer used in DOM construction. This vulnerability allows the tokenizer to incorrectly interpret tags with unquoted attribute values that end with a solidus character (/) as self-closing. This misinterpretation can occur when directly using the Tokenizer, leading to incorrect tagging, or when using the Parse functions, resulting in content that follows such tags being placed in the wrong scope. This issue is particularly significant in contexts involving foreign content such as <math> and <svg>.
The CVSS score for this vulnerability is 6.5, indicating a medium severity level. The risk to organizations includes potential disruptions in DOM construction processes, which can affect web applications that rely on accurate content parsing. It is crucial for organizations to address this vulnerability in their patching cycles to prevent any misbehavior in applications that may arise from these incorrect interpretations.
As of now, there are no known public exploits or proofs of concept (PoCs) for this vulnerability. However, given the nature of the issue, organizations should remain vigilant and prioritize remediation to mitigate the risks associated with it.
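The check below is an added example, not code from the advisory or from the affected library: it walks a single start tag using the HTML standard's attribute states, where a solidus inside an unquoted value belongs to the value, and flags the input shape described above so that such markup can be reviewed or normalized before parsing. It is written in Go with only the standard library; the function name `ScanStartTag` and the sample tag are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ScanStartTag walks one start tag per the HTML standard's attribute states: it reports
// whether the tag is truly self-closing and which unquoted attribute value ends in "/".
func ScanStartTag(tag string) (selfClosing bool, solidusAttr string) {
	const ws = " \t\n\f\r"
	s, i := strings.TrimSuffix(strings.TrimPrefix(tag, "<"), ">"), 0
	advance := func(set string, in bool) { // move i while "s[i] is in set" equals in
		for i < len(s) && strings.ContainsRune(set, rune(s[i])) == in {
			i++
		}
	}
	advance(ws+"/", false) // tag name
	for i < len(s) {
		if strings.ContainsRune(ws+"/", rune(s[i])) {
			if i++; i == len(s) && s[i-1] == '/' {
				return true, "" // "/" outside any value, directly before ">"
			}
			continue
		}
		start := i
		advance(ws+"=/", false) // attribute name
		name := s[start:i]
		advance(ws, true)
		if i >= len(s) || s[i] != '=' {
			continue // attribute without a value
		}
		i++
		advance(ws, true)
		if i < len(s) && (s[i] == '"' || s[i] == '\'') {
			// Skip the quoted value; the appended quote ends an unterminated one.
			i += strings.IndexByte(s[i+1:]+s[i:i+1], s[i]) + 2
			continue
		}
		start = i
		advance(ws, false) // unquoted value: "/" is part of it
		if i == len(s) && strings.HasSuffix(s[start:], "/") {
			solidusAttr = name
		}
	}
	return false, solidusAttr
}

func main() {
	fmt.Println(ScanStartTag(`<a href=/docs/>`)) // constructed sample tag
}
```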
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
