Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2025-6545

CVE-2025-6545

9.1

Critical

Published:23 Jun 2025

Last updated:17 Jun 2026

Source:7ffcee3d-2c14-4c3e-b844-86c6a321a158

Deferred

Weakness (CWE)

CWE-20Improper Input Validation

CVSS Vector

v4.0

Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present
Privileges Required: None
User Interaction: None
Confidentiality (Vulnerable): Low
Integrity (Vulnerable): High
Availability (Vulnerable): None
Confidentiality (Subsequent): High
Integrity (Subsequent): High
Availability (Subsequent): High

View on MITRE Find PoC on GitHub

Description

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

References

7ffcee3d-2c14-4c3e-b844-86c6a321a158

https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078

7ffcee3d-2c14-4c3e-b844-86c6a321a158

https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb

7ffcee3d-2c14-4c3e-b844-86c6a321a158

https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6