All news with #node forge tag

node-forge patched for ASN.1 signature verification bypass

🔒 The popular JavaScript cryptography library node-forge received a security update after researchers found a high-severity flaw that can bypass signature verification. Tracked as CVE-2025-12816, the issue stems from an ASN.1 validation interpretation conflict that allows crafted, malformed structures to pass schema checks while remaining cryptographically invalid. Maintainers released version 1.3.2; developers are strongly advised to upgrade immediately because applications relying on node-forge for PKI or signature enforcement could face authentication bypasses or signed-data tampering.