N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-66030

CVE-2025-66030: node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary

MITRE-Formatted CVE Description An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.

Description

An ASN.1 OID Integer Truncation vulnerability exists in the node-forge asn1.derToOid function within forge/lib/asn1.js. OID components are decoded using JavaScript's bitwise left-shift operator (<<), which forcibly casts values to 32-bit signed integers. Consequently, if an attacker provides a mathematically unique, very large OID arc integer exceeding $2^{31}-1$, the value silently overflows and wraps around rather than throwing an error.

Impact

This vulnerability allows a specially crafted ASN.1 object to spoof an OID, where a malicious certificate with a massive, invalid OID is misinterpreted by the library as a trusted, standard OID, potentially bypassing security controls.

This vulnerability impacts the asn1.derToOid function in node-forge before patched version 1.3.2.

Any downstream application using this component is impacted. This component may be leveraged by downstream applications in ways that enables partial compromise of integrity, leading to potential availability and confidentiality compromises.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-66030

CVE-2025-66030:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
node-forge	npm	< 1.3.2	1.3.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability, identified as GHSA-65ch-62r8-g69g, is an integer overflow within the node-forge library's ASN.1 parsing functionality. The core of the issue is located in the asn1.derToOid function in lib/asn1.js. The vulnerability stems from the use of JavaScript's bitwise left-shift operator (<<), which operates on 32-bit signed integers. When decoding an ASN.1 Object Identifier (OID), a large value for an OID arc could be crafted by an attacker. During decoding, the value = value << 7; operation would cause this large number to overflow the 32-bit limit and wrap around, resulting in a completely different and smaller OID value. This allows an attacker to create a malicious certificate with a specially crafted large OID that the node-forge library would misinterpret as a standard, trusted OID, potentially bypassing security checks.

The patch, found in commit 3e0c35ace169cfca529a3e547a7848dc7bf57fdb, rectifies this by replacing the bitwise shift with multiplication (value = value * 128), which does not force a 32-bit conversion and can handle larger numbers up to Number.MAX_SAFE_INTEGER. Additionally, a check was added to asn1.oidToDer to prevent the encoding of overly large OIDs in the first place. Therefore, asn1.derToOid is the primary vulnerable function where the exploitation would occur, and asn1.oidToDer is a related function modified as a preventative measure.

Vulnerable functions

asn1.derToOid

lib/asn1.js

The vulnerability lies in this function, which is responsible for decoding DER-encoded OIDs. The use of the `<<` (left bitwise shift) operator on the `value` variable would cast it to a 32-bit signed integer, causing an integer overflow if a large OID arc was provided. This could lead to the OID being misinterpreted as a different, trusted OID. The patch replaces `value = value << 7` with `value = value * 128` to avoid this 32-bit conversion and handle larger numbers.

asn1.oidToDer

lib/asn1.js

This function, which encodes an OID to its DER representation, was modified as part of the fix. A check was added to prevent the creation of OIDs with values larger than 32 bits. While not the function where the overflow occurs, it's a security control function modified to prevent the conditions that could lead to the vulnerability in `asn1.derToOid`. It is relevant as part of the overall mitigation.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-66030: node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary

Description

Impact

CVE-2025-66030:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-66030: node-forge is vulnerable to ASN.1 OID Integer Truncation

Summary

Description

Impact

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Technical Details

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI