CVE-2025-9287

CRITICAL

cipher-base <1.0.4 - Info Disclosure

Title source: llm

Improper Input Validation vulnerability in cipher-base allows Input Data Manipulation.This issue affects cipher-base: through 1.0.4.

Core 3

Core References

Exploit, Vendor Advisory vendor-advisory

Issue Tracking, Patch patch

Mailing List

CVSS v3 9.1

EPSS 0.0015

EPSS Percentile 35.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

CWE

CWE-20

Status published

Products (2)

browserify/cipher-base < 1.0.4

npm/cipher-base 0 - 1.0.5npm

Published Aug 20, 2025

Tracked Since Feb 18, 2026