Input Validation Issue in pbkdf2 Affects Browserify Product
CVE-2025-6545
9.1CRITICAL
What is CVE-2025-6545?
An improper input validation vulnerability exists in the pbkdf2 package, which can lead to signature spoofing. This issue arises from insufficient checks in processing inputs via the program files located in lib/to-buffer.Js. Affected versions range from 3.0.10 to 3.1.2, necessitating immediate attention to ensure the integrity and security of applications utilizing this library. Users are advised to upgrade to the latest patched version to mitigate risk.