Interpretation Conflict in node-forge

CVE-2025-12816

node-forge
org.webjars.npm:github-com-digitalbazaar-forge
org.webjars.npm:node-forge

High

8.6/10

Summary

An interpretation-conflict (CWE-436) vulnerability in node-forge versions through 1.3.1 enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions. This issue has been fixed in version 1.3.2.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-436 - Interpretation Conflict

Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.

References

Advisory

Advisory Timeline

Published Nov 25, 2025

Interpretation Conflict in node-forge

CVE-2025-12816

Summary

CWE-436 - Interpretation Conflict

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS