High severity · NVD Advisory · Published Nov 26, 2025 · Updated Nov 28, 2025
node-forge ASN.1 Unbounded Recursion
CVE-2025-66031
Description
Forge (also called node-forge) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
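For services that cannot upgrade immediately, untrusted DER can be screened for nesting depth before it reaches a recursive parser. The following is an added example, not code from node-forge or from the patch; MAX_DEPTH, readHeader and checkDerDepth are assumed names, and the limit of 64 is an assumed value.

```javascript
'use strict';
// Added example. MAX_DEPTH, readHeader and checkDerDepth are assumptions
// made for illustration; none of them is node-forge API.
const MAX_DEPTH = 64;

// Parse one tag/length header at `pos`; null if malformed or not DER.
function readHeader(buf, pos, end) {
  if (pos + 2 > end) return null;
  const tag = buf[pos++];
  if ((tag & 0x1f) === 0x1f) {               // high-tag-number form
    while (pos < end && (buf[pos] & 0x80)) pos++;
    if (++pos >= end) return null;
  }
  let len = buf[pos++];
  if (len === 0x80) return null;             // indefinite length is not DER
  if (len & 0x80) {                          // long form: next n bytes hold the length
    const n = len & 0x7f;
    if (n > 4 || pos + n > end) return null;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  if (pos + len > end) return null;          // overruns its container
  return { constructed: (tag & 0x20) !== 0, start: pos, end: pos + len };
}

// Walk the input with an explicit stack, so the check cannot itself
// exhaust the call stack regardless of how deep the input nests.
function checkDerDepth(input, maxDepth = MAX_DEPTH) {
  const buf = Buffer.from(input);
  const stack = [{ pos: 0, end: buf.length }];   // frame 0 is the whole buffer
  let deepest = 0;
  while (stack.length > 0) {
    const frame = stack[stack.length - 1];
    if (frame.pos >= frame.end) { stack.pop(); continue; }
    const h = readHeader(buf, frame.pos, frame.end);
    if (h === null) return { ok: false, depth: deepest, reason: 'malformed' };
    frame.pos = h.end;                           // siblings resume after this element
    if (!h.constructed) continue;
    const depth = stack.length;                  // nesting level of this element
    if (depth > maxDepth) return { ok: false, depth, reason: 'too deep' };
    deepest = Math.max(deepest, depth);
    stack.push({ pos: h.start, end: h.end });
  }
  return { ok: true, depth: deepest, reason: null };
}

// Constructed sample: SEQUENCE { SEQUENCE { INTEGER 1 } }
const SAMPLE = Buffer.from('30053003020101', 'hex');
console.log(checkDerDepth(SAMPLE));
```

The check counts constructed encodings only and is a defence-in-depth measure; upgrading to 1.3.2 remains the fix the advisory gives.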
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| node-forge (npm) | < 1.3.2 | 1.3.2 |
Affected products
- Range: < 1.3.2
References
- github.com/advisories/GHSA-554w-wpv2-vw27 (ghsa, ADVISORY)
- github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451 (ghsa, x_refsource_MISC, WEB)
- github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27 (ghsa, x_refsource_CONFIRM, WEB)