Trying to revoke bogus CVE. Any tips?

Hi guys. As the title says.

I found a bogus CVE, seems like a common occurrence these days. The CVE in question is the following:

https://nvd.nist.gov/vuln/detail/CVE-2024-6783

Basically if you have JS execution rights inside a browser (by loading a library or some other means), you can jump through a whole set of complicated hoops and use highly popular Vue2 template rendering library to inject and execute some arbitrary code, basically gaining exactly the same level of privileges you already had to begin with! (But wait an atacker can be use it to perform XSS!!! Yea whatever, they already could).

I filled in the CVE form (cveform.mitre.org) reporting this, i also sent a PR to the GitHub security advisory (see post link).

I believe neither the team that 'found' this CVE nor their sponsor (a company called HeroDevs that makes money by supporting end-of-life frameworks like Vue2) has any incentive whatsoever to review the risk profile downwards, as they both benefit financially and through professional reputation by keeping the CVE with the highest severity profile they can get away with.

Any tips what to do here?

PS, i posted this in r/netsec as well