Home

Description

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

PUBLISHED Reserved 2025-08-20 | Published 2025-08-20 | Updated 2025-08-21 | Assigner harborist




CRITICAL: 9.1CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

Any version
affected

Credits

https://github.com/ChALkeR reporter

https://github.com/ChALkeR finder

https://github.com/ChALkeR remediation developer

https://github.com/ljharb coordinator

References

github.com/...r-base/security/advisories/GHSA-cpq7-6gpm-g9rc vendor-advisory

github.com/browserify/cipher-base/pull/23 patch

cve.org (CVE-2025-9287)

nvd.nist.gov (CVE-2025-9287)

Download JSON