PT-2025-48202 · Unknown+1 · Node-Forge+1
Published: 2025-11-26 · Updated: 2026-04-01
CVE-2025-66031
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
node-forge versions 1.3.1 and below
Description
An uncontrolled recursion issue exists in node-forge, a native implementation of Transport Layer Security in JavaScript. The issue allows remote, unauthenticated attackers to create complex ASN.1 structures that cause unbounded recursive parsing. This can lead to a Denial-of-Service (DoS) condition through stack exhaustion when processing untrusted DER inputs.
Recommendations
Update to version 1.3.2 or later.
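A pre-parse guard for services that accept untrusted DER, given here as an added example: it is not node-forge code and not the project's fix. It walks the TLV structure with an explicit stack instead of recursion and rejects input nested deeper than a chosen limit. The function name `checkDerDepth`, the default limit of 64 and the sample bytes are assumptions made for illustration.

```javascript
// Added example: iterative nesting-depth guard for untrusted DER.
// checkDerDepth and the default limit of 64 are assumptions, not node-forge API.
// Only nesting expressed through the constructed bit is counted; a parser that
// also decodes the contents of primitive values needs that handled separately.
function checkDerDepth(der, maxDepth = 64) {
  let pos = 0;
  let deepest = 0;
  const ends = []; // end offsets of the constructed values currently open
  while (pos < der.length) {
    // Close every constructed value whose contents are fully consumed.
    while (ends.length && pos === ends[ends.length - 1]) ends.pop();
    const limit = ends.length ? ends[ends.length - 1] : der.length;
    const tag = der[pos++];
    if ((tag & 0x1f) === 0x1f) {
      // High-tag-number form: skip the continuation bytes.
      while (pos < limit && (der[pos] & 0x80)) pos++;
      pos++;
    }
    if (pos >= limit) throw new Error('truncated header');
    let len = der[pos++];
    if (len === 0x80) throw new Error('indefinite length is not DER');
    if (len & 0x80) {
      const n = len & 0x7f; // long form: n length bytes follow
      if (n > 4 || pos + n > limit) throw new Error('bad length field');
      len = 0;
      for (let i = 0; i < n; i++) len = len * 256 + der[pos++];
    }
    if (pos + len > limit) throw new Error('value overruns its parent');
    if (tag & 0x20) {
      // Constructed: descend by recording its end offset, no recursion.
      ends.push(pos + len);
      if (ends.length > maxDepth) throw new Error('nesting too deep');
      deepest = Math.max(deepest, ends.length);
    } else {
      pos += len; // primitive: skip the contents
    }
  }
  return deepest;
}

// Constructed sample: SEQUENCE { SEQUENCE { INTEGER 1 } }
const SAMPLE = Uint8Array.from([0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01]);
console.log(checkDerDepth(SAMPLE)); // nesting depth of the sample
```

Run the check on the raw bytes before they reach the ASN.1 parser and treat any thrown error as a rejected input.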
Exploit
Fix
DoS
Uncontrolled Recursion
Affected Products
Debian
Node-Forge