Signature Spoofing

🗓️ 25 Jun 2025 11:43:27Reported by Veracode Vulnerability DatabaseType

pbkdf2 is vulnerable to Signature Spoofing due to improper input validation allowing malicious data spoofing.

Reporter	Title	Published	Views	Family All 47
IBM Security Bulletins	Security Bulletin: Vulnerabilities in pbkdf2 affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	25 Sep 202511:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in pbkdf2 affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2025-6545 and CVE-2025-6547)	3 Sep 202508:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to loss of confidentiality [CVE-2025-6545] [CVE-2025-6547]	26 Jun 202516:36	–	ibm
IBM Security Bulletins	Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in pbkdf2-3.1.2.tgz	22 Oct 202511:24	–	ibm
Circl	CVE-2025-6545	23 Jun 202518:45	–	circl
CNNVD	Browserify pbkdf2 安全漏洞	23 Jun 202500:00	–	cnnvd
CVE	CVE-2025-6545	23 Jun 202518:41	–	cve
Cvelist	CVE-2025-6545 pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos supported by Node.js	23 Jun 202518:41	–	cvelist
Debian CVE	CVE-2025-6545	23 Jun 202518:41	–	debiancve
EUVD	EUVD-2025-18922	3 Oct 202520:07	–	euvd

Vulners

Node

pbkdf2 pbkdf2Range3.0.10–3.1.2js

webjars pbkdf2Range3.0.3–3.1.2js

Source	Link
github	www.github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb
github	www.github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078
github	www.github.com/advisories/GHSA-h7cp-r72f-jxh6
github	www.github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6

25 Jun 2025 16:27Current

7High risk

Vulners AI Score7

CVSS 49.1

EPSS0.00416

SSVC