Authentication Tag Validation Issue in Deno Runtime
CVE-2025-24015

7.7HIGH

Key Information:

Vendor

Denoland

Status
Deno
Vendor
CVE Published:
3 June 2025

What is CVE-2025-24015?

Deno, the JavaScript, TypeScript, and WebAssembly runtime, is impacted by a serious issue in versions 1.46.0 through 2.1.6, affecting AES-256-GCM and AES-128-GCM encryption modes. The vulnerability lies in the failure to validate the authentication tag, a critical step in ensuring the integrity of encrypted data. As a result, any tampered ciphertext or incorrect encryption keys may not trigger expected error responses, undermining the protection typically offered by AES-GCM. This flaw also compromises the efficacy of any associated authenticated data checks. Users are urged to upgrade to version 2.1.7 or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

deno >= 1.46.0, < 2.1.7

References

https://github.com/denoland/deno/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/denoland/deno/commit/0d1beed
x_refsource_MISC
https://github.com/denoland/deno/commit/4f27d7cdc02e3edfb...
x_refsource_MISC

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.