CVE-2025-6545

EUVD-2025-18922
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.

This issue affects pbkdf2: from 3.0.10 through 3.1.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Debian logo
Debian Releases
Debian Product
Codename
node-pbkdf2
bookworm
no-dsa
bullseye
postponed
forky
3.1.5+~3.1.2-1
fixed
sid
3.1.5+~3.1.2-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
node-pbkdf2
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
ignored
questing
needs-triage
resolute
needs-triage
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
aws-cli
suse enterprise sap 15 SP4
1.33.26-150400.34.7.1
fixed
suse enterprise sap 15 SP5
1.33.26-150400.34.7.1
fixed
suse enterprise sap 15 SP6
1.33.26-150400.34.7.1
fixed
suse enterprise server 15 SP4
1.33.26-150400.34.7.1
fixed
suse enterprise server 15 SP5
1.33.26-150400.34.7.1
fixed
suse enterprise server 15 SP6
1.33.26-150400.34.7.1
fixed
python311-boto3
suse enterprise desktop 15 SP7
1.34.138-150400.27.7.1
fixed
suse enterprise sap 15 SP4
1.34.138-150400.27.7.1
fixed
suse enterprise sap 15 SP5
1.34.138-150400.27.7.1
fixed
suse enterprise sap 15 SP6
1.34.138-150400.27.7.1
fixed
suse enterprise sap 15 SP7
1.34.138-150400.27.7.1
fixed
suse enterprise server 15 SP4
1.34.138-150400.27.7.1
fixed
suse enterprise server 15 SP5
1.34.138-150400.27.7.1
fixed
suse enterprise server 15 SP6
1.34.138-150400.27.7.1
fixed
suse enterprise server 15 SP7
1.34.138-150400.27.7.1
fixed
python311-botocore
suse enterprise desktop 15 SP7
1.34.144-150400.41.7.1
fixed
suse enterprise sap 15 SP4
1.34.144-150400.41.7.1
fixed
suse enterprise sap 15 SP5
1.34.144-150400.41.7.1
fixed
suse enterprise sap 15 SP6
1.34.144-150400.41.7.1
fixed
suse enterprise sap 15 SP7
1.34.144-150400.41.7.1
fixed
suse enterprise server 15 SP4
1.34.144-150400.41.7.1
fixed
suse enterprise server 15 SP5
1.34.144-150400.41.7.1
fixed
suse enterprise server 15 SP6
1.34.144-150400.41.7.1
fixed
suse enterprise server 15 SP7
1.34.144-150400.41.7.1
fixed
python311-coverage
suse enterprise desktop 15 SP6
7.6.10-150400.12.6.1
fixed
suse enterprise desktop 15 SP7
7.6.10-150400.12.6.1
fixed
suse enterprise sap 15 SP6
7.6.10-150400.12.6.1
fixed
suse enterprise sap 15 SP7
7.6.10-150400.12.6.1
fixed
suse enterprise server 15 SP4
7.6.10-150400.12.6.1
fixed
suse enterprise server 15 SP5
7.6.10-150400.12.6.1
fixed
suse enterprise server 15 SP6
7.6.10-150400.12.6.1
fixed
suse enterprise server 15 SP7
7.6.10-150400.12.6.1
fixed
python311-pluggy
suse enterprise desktop 15 SP6
1.5.0-150400.14.10.1
fixed
suse enterprise desktop 15 SP7
1.5.0-150400.14.10.1
fixed
suse enterprise sap 15 SP6
1.5.0-150400.14.10.1
fixed
suse enterprise sap 15 SP7
1.5.0-150400.14.10.1
fixed
suse enterprise server 15 SP4
1.5.0-150400.14.10.1
fixed
suse enterprise server 15 SP5
1.5.0-150400.14.10.1
fixed
suse enterprise server 15 SP6
1.5.0-150400.14.10.1
fixed
suse enterprise server 15 SP7
1.5.0-150400.14.10.1
fixed
python311-pytest
suse enterprise desktop 15 SP6
8.3.5-150400.3.9.1
fixed
suse enterprise desktop 15 SP7
8.3.5-150400.3.9.1
fixed
suse enterprise sap 15 SP6
8.3.5-150400.3.9.1
fixed
suse enterprise sap 15 SP7
8.3.5-150400.3.9.1
fixed
suse enterprise server 15 SP4
8.3.5-150400.3.9.1
fixed
suse enterprise server 15 SP5
8.3.5-150400.3.9.1
fixed
suse enterprise server 15 SP6
8.3.5-150400.3.9.1
fixed
suse enterprise server 15 SP7
8.3.5-150400.3.9.1
fixed
python311-pytest-cov
suse enterprise desktop 15 SP6
6.2.1-150400.12.6.1
fixed
suse enterprise desktop 15 SP7
6.2.1-150400.12.6.1
fixed
suse enterprise sap 15 SP6
6.2.1-150400.12.6.1
fixed
suse enterprise sap 15 SP7
6.2.1-150400.12.6.1
fixed
suse enterprise server 15 SP4
6.2.1-150400.12.6.1
fixed
suse enterprise server 15 SP5
6.2.1-150400.12.6.1
fixed
suse enterprise server 15 SP6
6.2.1-150400.12.6.1
fixed
suse enterprise server 15 SP7
6.2.1-150400.12.6.1
fixed
python311-pytest-mock
suse enterprise desktop 15 SP6
3.14.0-150400.13.6.1
fixed
suse enterprise desktop 15 SP7
3.14.0-150400.13.6.1
fixed
suse enterprise sap 15 SP6
3.14.0-150400.13.6.1
fixed
suse enterprise sap 15 SP7
3.14.0-150400.13.6.1
fixed
suse enterprise server 15 SP4
3.14.0-150400.13.6.1
fixed
suse enterprise server 15 SP5
3.14.0-150400.13.6.1
fixed
suse enterprise server 15 SP6
3.14.0-150400.13.6.1
fixed
suse enterprise server 15 SP7
3.14.0-150400.13.6.1
fixed
Common Weakness Enumeration
References
https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb
https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6