CVE-2025-12816 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
certcc	CNA	---				---
CISA-ADP	ADP	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 22%

Ubuntu Releases

Ubuntu Product

Codename

node-node-forge

questing	dne
plucky	dne
noble	dne
jammy	needs-triage
focal	needs-triage

Common Weakness Enumeration

CWE-436 - Interpretation Conflict
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

Vulnerability Media Exposure

[ENGLISH] ⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us. One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and
Published: 2025-12-01T18:17:00+05:30

References

https://github.com/digitalbazaar/forge

https://github.com/digitalbazaar/forge/pull/1124

https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq

https://kb.cert.org/vuls/id/521113

https://www.npmjs.com/package/node-forge

https://www.kb.cert.org/vuls/id/521113