CVE-2025-6545

N/A Unknown
Published: June 23, 2025 Modified: April 15, 2026
View on NVD

Description

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078
Source: 7ffcee3d-2c14-4c3e-b844-86c6a321a158
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb
Source: 7ffcee3d-2c14-4c3e-b844-86c6a321a158
https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6
Source: 7ffcee3d-2c14-4c3e-b844-86c6a321a158

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.4%
62th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-20

Related CVEs

CVE-2026-42615 7.2
CVE-2026-23773 4.3
CVE-2026-40560 N/A
CVE-2026-7363 N/A
CVE-2026-7361 N/A