Buffer Overflow Vulnerability in bigint-buffer by no2chem
CVE-2025-3194

8.7HIGH

Key Information:

Vendor: no2chem
Status: Bigint-buffer
Vendor: CVE Published:; 4 April 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-3194?

The bigint-buffer package is susceptible to a buffer overflow vulnerability in its toBigIntLE() function. This exploitation can lead to application crashes, allowing attackers to disrupt service and potentially execute arbitrary code. Users of this package should evaluate their current versions and consider applying necessary updates or mitigations.

Affected Version(s)

bigint-buffer 0.0.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

bigint-buffer-safe
Created by LoserLab

References

https://security.snyk.io/vuln/SNYK-JS-BIGINTBUFFER-3364597

https://github.com/no2chem/bigint-buffer/blob/master/src/...

https://www.usenix.org/system/files/sec23fall-prepub-262_...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 9, 2026
👾
Exploit known to exist
Mar 9, 2026
Vulnerability published
Apr 4, 2025
Vulnerability Reserved
Apr 3, 2025

Credit

Cris Staicu

CVE-2025-3194 Data

JSON