Input Validation Issue in pbkdf2 Affects Browserify Product
CVE-2025-6545

9.1CRITICAL

Key Information:

Status
Vendor
CVE Published:
23 June 2025

What is CVE-2025-6545?

An improper input validation vulnerability exists in the pbkdf2 package, which can lead to signature spoofing. This issue arises from insufficient checks in processing inputs via the program files located in lib/to-buffer.Js. Affected versions range from 3.0.10 to 3.1.2, necessitating immediate attention to ensure the integrity and security of applications utilizing this library. Users are advised to upgrade to the latest patched version to mitigate risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/browserify/pbkdf2/security/advisories/...
third-party-advisory
https://github.com/browserify/pbkdf2/commit/9699045c37a07...
x_introduced-by
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830...
patch

CVSS V4

Score:
9.1
Severity:
CRITICAL
Confidentiality:
Low
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.