VDB
CISA-2025-6545
CISA-2025-6545
PUBLISHED
CVSS 9.1 CRITICAL
Reported by harborist · Published June 23, 2025
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
Risk Scores
CVSS 4.0
9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3.0.10 | ||
| 3.0.10, 3.0.10 |
Timeline
- Jun 23, 2025 CVE Published
- Jun 23, 2025 CVE Updated