Critical severity · OSV Advisory · Published Jun 23, 2025 · Updated Apr 15, 2026
CVE-2025-6545
Description
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.
This issue affects pbkdf2: from 3.0.10 through 3.1.2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pbkdf2 (npm) | >= 3.0.10, < 3.1.3 | 3.1.3 |
Affected products (76)
- Range: v3.0.10, v3.0.11, v3.0.12, …
References (5)
- github.com/advisories/GHSA-h7cp-r72f-jxh6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-6545 (ghsa, ADVISORY)
- github.com/browserify/pbkdf2/commit/9699045c37a07f8319cfb8d44e2ff4252d7a7078 (nvd, WEB)
- github.com/browserify/pbkdf2/commit/e3102a8cd4830a3ac85cd0dd011cc002fdde33bb (nvd, WEB)
- github.com/browserify/pbkdf2/security/advisories/GHSA-h7cp-r72f-jxh6 (nvd, WEB)