CVE-2025-6545

Published: Jun 23, 2025

Modified: Jun 23, 2025

PUBLISHED

Description

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

Vendor	Product	Versions
Unknown	pbkdf2	affected `3.0.10 - <= 3.1.2`

Weaknesses (CWE)

CWE-20

References

https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6

third-party-advisory

https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078

x_introduced-by

https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-6545

Description

Affected Products

Weaknesses (CWE)

References