CVE-2025-12816
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-25

Last updated on: 2026-01-02

Assigner: CERT/CC

Description
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-25
Last Modified
2026-01-02
Generated
2026-05-07
AI Q&A
2025-11-25
EPSS Evaluated
2026-05-05
NVD
CVE-2025-12816
EUVD
EUVD-2025-199630
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
digitalbazaar forge to 1.3.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-436 Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an interpretation-conflict (CWE-436) in node-forge versions 1.3.1 and earlier. It allows unauthenticated attackers to craft ASN.1 structures that cause desynchronization in schema validations. This leads to a semantic divergence that can bypass downstream cryptographic verifications and security decisions.


How can this vulnerability impact me? :

The vulnerability can impact you by allowing attackers to bypass cryptographic verifications and security decisions, potentially compromising the integrity of security mechanisms that rely on node-forge for ASN.1 parsing and validation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart