QwikSec

Security Database

CVE

CWE

Training

CVE-2025-12816

Published: Nov 25, 2025

Modified: Nov 25, 2025

PUBLISHED

Description

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Vendor	Product	Versions
Digital Bazaar	node-forge	affected `0 - <= 1.3.1`
Digital Bazaar	forge	affected `0 - <= 1.3.1`

References

https://www.npmjs.com/package/node-forge

https://github.com/digitalbazaar/forge/pull/1124

https://github.com/digitalbazaar/forge

CERT/CC Vulnerability Notice

third-party-advisory

Github Security Advisory

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.