Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-64cy-gjgm-d3b1
Vulnerability ID VCID-64cy-gjgm-d3b1
Aliases CVE-2025-12816
GHSA-5gfm-wpxj-wjgq
Summary
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-436 Interpretation Conflict
System Score Found at
cvssv3.1 8.6 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
cvssv3.1 8.6 https://github.com/digitalbazaar/forge
ssvc Track https://github.com/digitalbazaar/forge
cvssv3.1 8.6 https://github.com/digitalbazaar/forge/pull/1124
ssvc Track https://github.com/digitalbazaar/forge/pull/1124
cvssv3.1 8.6 https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
cvssv3.1_qr HIGH https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
ssvc Track https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
cvssv3.1 8.6 https://kb.cert.org/vuls/id/521113
ssvc Track https://kb.cert.org/vuls/id/521113
cvssv3.1 8.6 https://www.npmjs.com/package/node-forge
ssvc Track https://www.npmjs.com/package/node-forge
Reference id Reference type URL
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-12816
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/asn1.js#L1153
https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/ed25519.js#L81
https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pbe.js#L363
https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs12.js#L328
https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/pkcs7.js#L90
https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/rsa.js#L1167
https://github.com/digitalbazaar/forge/blob/2bb97afb5058285ef09bcf1d04d6bd6b87cffd58/lib/x509.js#L667
https://www.kb.cert.org/vuls/id/521113
1124 https://github.com/digitalbazaar/forge/pull/1124
521113 https://kb.cert.org/vuls/id/521113
forge https://github.com/digitalbazaar/forge
GHSA-5gfm-wpxj-wjgq https://github.com/advisories/GHSA-5gfm-wpxj-wjgq
GHSA-5gfm-wpxj-wjgq https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
node-forge https://www.npmjs.com/package/node-forge
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/digitalbazaar/forge
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/ Found at https://github.com/digitalbazaar/forge
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/digitalbazaar/forge/pull/1124
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/ Found at https://github.com/digitalbazaar/forge/pull/1124
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/ Found at https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://kb.cert.org/vuls/id/521113
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/ Found at https://kb.cert.org/vuls/id/521113
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://www.npmjs.com/package/node-forge
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-25T20:21:37Z/ Found at https://www.npmjs.com/package/node-forge

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-10T18:12:26.444093+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0