CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-12816

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.0%

CVSS Severity

CVSS v3 Score 8.6

References

https://github.com/digitalbazaar/forge
https://github.com/digitalbazaar/forge/pull/1124
https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
https://kb.cert.org/vuls/id/521113
https://www.npmjs.com/package/node-forge
https://www.kb.cert.org/vuls/id/521113

Products affected by CVE-2025-12816

Digitalbazaar » Node-Forge » Version: Any

cpe:2.3:a:digitalbazaar:node-forge:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-12816

Products

Pricing

Contact Us