CVE-2025-12816 · HIGH 8.6 · EPSS p47.4%

Description

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS: 0.68% probability of exploitation · percentile 47.4% · 2026-06-18T12:00:27Z
Published: 2025-11-25
Last modified: 2026-01-02

Underlying weaknesses · 1

CWE-436

References

  1. https://github.com/digitalbazaar/forge
  2. https://github.com/digitalbazaar/forge/pull/1124
  3. https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
  4. https://kb.cert.org/vuls/id/521113
  5. https://www.npmjs.com/package/node-forge
  6. https://www.kb.cert.org/vuls/id/521113

Type | Target | Confidence | Tier
Weakness | Interpretation Conflict cwe-436 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-33896
CVE-2025-9287
CVE-2025-9288
CVE-2025-3757
CVE-2025-59706
CVE-2025-31170
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.