Main Vulnerability Database Vulnerabilities #VU115762

Input validation error in cipher-base - CVE-2025-9287

Published: September 18, 2025

Vulnerability identifier: #VU115762

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-9287

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: browserify

Affected software:
cipher-base

Detailed vulnerability description

The vulnerability allows a remote attacker to manipulate data or perform a denial of service attack.

The vulnerability exists due to a missing type check of untrusted input. A remote attacker can manipulate data representation within the application, which can lead to denial of service conditions or various calculation errors when handling private keys or hashes.

How to mitigate CVE-2025-9287

Install updates from vendor's website.

Sources

https://github.com/browserify/cipher-base/pull/23
https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc

Input validation error in cipher-base - CVE-2025-9287

Detailed vulnerability description

How to mitigate CVE-2025-9287

Sources

Please verify you're human