CVE-2025-6545

9.1 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.

This issue affects pbkdf2: from 3.0.10 through 3.1.2.

References

Affected packages

Git / github.com/browserify/pbkdf2

Affected ranges

Type

GIT

Repo

https://github.com/browserify/pbkdf2

Events

Introduced

a0a9abc8989e53d358cad22c7a2fd20f60cd9ebe

Last affected

a458d11da613fd4b14651b52e2b1caaa6977b089

Fixed

9699045c37a07f8319cfb8d44e2ff4252d7a7078

Fixed

e3102a8cd4830a3ac85cd0dd011cc002fdde33bb

Database specific

{
    "versions": [
        {
            "introduced": "3.0.10"
        },
        {
            "last_affected": "3.1.2."
        }
    ]
}

Affected versions

v3.*

v3.0.10

v3.0.11

v3.0.12

v3.0.13

v3.0.14

v3.0.15

v3.0.16

v3.0.17

v3.1.0

v3.1.1

v3.1.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-6545.json"