node forge

About this tag
Node Forge is a popular JavaScript cryptography library used for SSL/TLS, X.509 certificates, and ASN.1 parsing. Recent discussions on WindowsForum highlight three critical vulnerabilities patched in version 1.3.2: CVE-2025-12816, an ASN.1 validation bypass that desynchronizes the library's validator and lets attackers bypass cryptographic checks; CVE-2025-66031, a denial-of-service flaw exploiting unbounded ASN.1 recursion to crash Node.js processes; and CVE-2025-66030, an OID parsing issue where integer truncation allows OID spoofing. These threads cover patch details, supply-chain risks, and remediation steps for developers and IT teams using Node Forge in their applications.
  1. CVE-2025-12816: Node Forge ASN.1 Validation Bypass and Patch

    A critical interpretation‑conflict flaw in the widely used JavaScript cryptography library node‑forge lets attackers craft malicious ASN.1 objects that desynchronize the library’s ASN.1 validator and bypass downstream cryptographic checks — a vulnerability tracked as CVE‑2025‑12816 that has been...
  2. CVE-2025-66031: Patch Node Forge ASN.1 Recursion DoS

    A newly disclosed high‑severity vulnerability in the popular JavaScript cryptography library node‑forge (tracked as CVE‑2025‑66031) enables unbounded ASN.1 recursion that can be trivially abused to crash Node.js processes parsing untrusted DER inputs — and the fix landed quickly in node‑forge...
  3. CVE-2025-66030 Node-forge OID Parsing Fix in 1.3.2

    A recently disclosed vulnerability in the widely used JavaScript cryptography library node-forge—tracked as CVE-2025-66030—allows specially crafted ASN.1 Object Identifier (OID) values to be mis-parsed due to integer truncation, letting an attacker spoof OIDs and potentially bypass downstream...