{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/521113#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nThe Forge JavaScript library provides TLS-related cryptographic utilities. A vulnerability that allows signature verification to be bypassed through crafted manipulation of ASN.1 structures, particularly in fields such as Message Authentication Code (MAC) data, was identified. Users of the `node-forge` package, and downstream consumers, are advised to update to the patched version in a timely manner.\r\n\r\n### Description\r\nForge (also available as the `node-forge` npm package) offers a range of cryptographic capabilities, including certificate generation, message signing and verification, and encryption and decryption. These functions depend on the ASN.1 parsing and validation routines of the library.\r\n\r\nA flaw in the `asn1.validate` function was discovered that allows tampered ASN.1 data to pass validation even when cryptographically incorrect. By embedding custom options into certain ASN.1 fields that require recursive verification, an attacker can craft data that appears valid to the Forge verification routines. A proof-of-concept using manipulated PKCS#12 MAC data demonstrated how a forged payload could bypass signature verification.\r\n\r\nThe researcher who reported this issue has described the potential implications of the flaw as follows:\r\n> As a result, applications that rely on node-forge to enforce the structure and integrity of ASN.1-derived cryptographic protocols, including X.509 certificates, PKCS#7 messages, and PKCS#12 archives may be tricked into successfully validating malformed data. \r\n\r\nWhile different environments will experience different levels of practical exposure, the underlying verification bypass is technically significant. The package is widely used, and a fix has been published. A patched release, version `1.3.2`, is now available and includes updated test cases in `tests/security/cve-2025-12816.js` that illustrate the corrected behavior.\r\n\r\n### Impact\r\nAn attacker who can supply crafted ASN.1 data may cause applications relying on Forge for verification to accept forged or modified data as legitimate. This can enable authentication bypass, tampering with signed data, or misuse of certificate-related functions (e.g., cryptographically-signed software). In environments where cryptographic verification plays a central role in trust decisions, the potential impact can be significant. \r\n\r\n### Solution\r\nUpdate to Forge version `1.3.2` or later. The fix is available in [Pull Request #1124](https://github.com/digitalbazaar/forge/pull/1124). Developers should integrate the updated version into their projects and distribute updates through their normal release channels.\r\n\r\n### Acknowledgements\r\nThanks to Hunter Wodzenski of Palo Alto Networks for responsibly reporting this issue. This document was written by Vijay Sarvepalli.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. Please consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/521113"},{"url":"https://github.com/digitalbazaar/forge/","summary":"https://github.com/digitalbazaar/forge/"},{"url":"https://www.npmjs.com/package/node-forge","summary":"https://www.npmjs.com/package/node-forge"},{"url":"https://github.com/digitalbazaar/forge/pull/1116","summary":"https://github.com/digitalbazaar/forge/pull/1116"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-32988","summary":"https://www.cve.org/CVERecord?id=CVE-2025-32988"}],"title":"Forge JavaScript library impacted by a vulnerability in signature verification.","tracking":{"current_release_date":"2025-11-25T19:41:12+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#521113","initial_release_date":"2025-11-25 19:03:14.928508+00:00","revision_history":[{"date":"2025-11-25T19:41:12+00:00","number":"1.20251125194112.3","summary":"Released on 2025-11-25T19:41:12+00:00"}],"status":"final","version":"1.20251125194112.3"}},"vulnerabilities":[{"title":"An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.","notes":[{"category":"summary","text":"An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions."}],"cve":"CVE-2025-12816","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#521113"}],"product_status":{"known_affected":["CSAFPID-5de34db2-351e-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"Digital Bazaar","product":{"name":"Digital Bazaar Products","product_id":"CSAFPID-5de34db2-351e-11f1-8422-122e2785dc9f"}}]}}