← volver
CVE-2025-6547

On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys

CVSS 9.1 CRITICALEPSS 0.4%CWE-20
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H
Productos afectados
pbkdf2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bbhttps://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59