Main Vulnerability Database Vulnerabilities #VU115762

#VU115762 Input validation error in cipher-base - CVE-2025-9287

Published: September 18, 2025

Vulnerability identifier: #VU115762

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-9287

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
cipher-base

Software vendor:
browserify

Description

The vulnerability allows a remote attacker to manipulate data or perform a denial of service attack.

The vulnerability exists due to a missing type check of untrusted input. A remote attacker can manipulate data representation within the application, which can lead to denial of service conditions or various calculation errors when handling private keys or hashes.

Remediation

Install updates from vendor's website.

External links

https://github.com/browserify/cipher-base/pull/23
https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc

#VU115762 Input validation error in cipher-base - CVE-2025-9287

Description

Remediation

External links

Please verify you're human