Home > Vulnerability Database > CVE-2025-12816

Mend.io Vulnerability Database

CVE-2025-12816

Good to know:

Date: November 25, 2025

An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.

Severity Score

8.6

Related Resources (8)

Url: https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq

Url: https://www.kb.cert.org/vuls/id/521113

Url: https://www.npmjs.com/package/node-forge

Url: https://kb.cert.org/vuls/id/521113

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-12816

Url: https://github.com/digitalbazaar/forge/pull/1124

Url: https://github.com/digitalbazaar/forge

Url: https://www.mend.io/vulnerability-database/CVE-2025-12816

Severity Score

8.6

Weakness Type (CWE)

Interpretation Conflict

CWE-436

Top Fix

Upgrade Version

Upgrade to version node-forge - 1.3.2;https://github.com/digitalbazaar/forge.git - v1.3.2

Learn More

CVSS v3.1

Base Score:	8.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-12816

Good to know:

Date: November 25, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?