Vulnerability Database

309,237

Total vulnerabilities in the database

CVE-2025-6545

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.

This issue affects pbkdf2: from 3.0.10 through 3.1.2.

Published: Jun 23, 2025
Updated: Nov 24, 2025
CVE: CVE-2025-6545
GHSA: GHSA-h7cp-r72f-jxh6
Severity: Critical
Exploit:

No technical information available.

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
crypto-browserify / pbkdf2	3.0.10	3.1.3

https://github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078
https://github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb
https://github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo