Vulnerability in Digitalbazaar Forge
CVE-2025-66031
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep A…
EPSS: 0.001 (17.9th percentile) — read the EPSS interpretation.
Affected products
- Digitalbazaar Forge — versions < 1.3.2
Weakness classification (CWE)
References
- https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27 (x_refsource_CONFIRM)
- https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451 (x_refsource_MISC)