vulnerability
Ubuntu: USN-7746-1 (CVE-2025-9287): cipher-base vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:N/I:C/A:C) | Aug 20, 2025 | Sep 12, 2025 | Sep 16, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:C)
Published
Aug 20, 2025
Added
Sep 12, 2025
Modified
Sep 16, 2025
Description
Nikita Skovoroda discovered that cipher-base did not properly manage
certain inputs. An attacker could possibly use this issue to manipulate
the internal state of hash functions, resulting in hash collisions,
denial of service, or other unspecified impact.
Solution
ubuntu-pro-upgrade-node-cipher-base
References
- CVE-2025-9287
- https://attackerkb.com/topics/CVE-2025-9287
- CWE-20
- UBUNTU-USN-7746-1
- URL-https://github.com/browserify/cipher-base/pull/23
- URL-https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
- URL-https://ubuntu.com/security/notices/USN-7746-1
- URL-https://www.cve.org/CVERecord?id=CVE-2025-9287
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.