CVE-2025-12816

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-12816

Severity

8.6

High

CVSS V3

Description

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-12816
https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
https://www.npmjs.com/package/node-forge
https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
https://kb.cert.org/vuls/id/521113
https://www.kb.cert.org/vuls/id/521113
https://github.com/digitalbazaar/forge/pull/1124
https://github.com/digitalbazaar/forge

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2025-12816

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company