PT-2025-26639 · Pbkdf2+3

Chalker · Published 2025-06-23 · Updated 2026-06-04 · CVE-2025-6547

CVSS v4.0: 9.1 Critical
Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions: pbkdf2 versions <=3.1.2
Description: pbkdf2 contains an Improper Input Validation vulnerability that allows Signature Spoofing by Improper Validation.
Recommendations: For versions <=3.1.2, update to a version greater than 3.1.2 to resolve the issue. As a temporary workaround, consider restricting the use of the pbkdf2 function to minimize the risk of exploitation.

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-07454
CVE-2025-6547
GHSA-V62P-RQ8G-8H59
SUSE-SU-2025:3744-1

Affected Products

Debian
RED OS
SUSE
pbkdf2