CVE-2025-12816

CVSS v3.1

8.6

High

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions node-forge versions 1.3.1 and earlier

Description An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data is understood, potentially bypassing cryptographic checks and security measures.

Recommendations Update node-forge to a version later than 1.3.1.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-670CWE-436

Related Identifiers

BDU:2025-15402

CVE-2025-12816

GHSA-5GFM-WPXJ-WJGQ

OPENSUSE-SU-2026:20177-1

SUSE-SU-2026:0628-1

SUSE-SU-2026:0630-1

SUSE-SU-2026:1008-1

SUSE-SU-2026:1013-1

SUSE-SU-2026:1035-1

SUSE-SU-2026:20232-1

Affected Products

Debian

Node-Forge

CVE-2025-12816

Weakness Enumeration

Related Identifiers

Affected Products

References · 93