VDB

CISA-2025-6545

CISA-2025-6545 PUBLISHED CVSS 9.1 CRITICAL

Reported by harborist · Published June 23, 2025

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

Risk Scores

CVSS 4.0
9.1
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H

Affected Products

VendorProductVersions
3.0.10
3.0.10, 3.0.10

Timeline

  • Jun 23, 2025 CVE Published
  • Jun 23, 2025 CVE Updated

References

  • third-party-advisory
  • x_introduced-by
  • patch
Open in Interactive Console →
$ Console Community · 100/wk Open console ›