Improper Input Validation in sha.js Affects Browserify Product
CVE-2025-9288

9.1CRITICAL

Key Information:

Status
Vendor
CVE Published:
20 August 2025

What is CVE-2025-9288?

The sha.js library from Browserify contains an improper input validation vulnerability that could allow attackers to manipulate input data. This issue affects all versions up to and including 2.4.11. Attackers exploiting this vulnerability could potentially execute unauthorized actions or compromise the integrity of the data being processed. It is essential for users of sha.js to review their implementations and upgrade to the latest patched version to ensure data security and application integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/browserify/sha.js/security/advisories/...
vendor-advisory
https://github.com/browserify/sha.js/pull/78
patch
https://www.cve.org/CVERecord?id=CVE-2025-9287
related

CVSS V4

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

https://github.com/ChALkeR
https://github.com/ChALkeR
https://github.com/ChALkeR
https://github.com/ljharb
JSON
.