Integer overflow in Digitalbazaar Forge
CVE-2025-66030
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 struct…
Vulnerability class: Integer Overflow
EPSS: 0.001 (22.4th percentile)
Affected products
- Digitalbazaar Forge — versions < 1.3.2
Weakness classification (CWE)
References
- https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g (x_refsource_CONFIRM)
- https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb (x_refsource_MISC)