CVE-2025-65945 Overview
CVE-2025-65945 is an improper signature verification vulnerability affecting auth0/node-jws, a JSON Web Signature (JWS) implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, applications using the jws.createVerify() function with HMAC algorithms (specifically HS256) are vulnerable when user-provided data from the JSON Web Signature protected header or payload is used in HMAC secret lookup routines. This flaw allows attackers to bypass signature verification, potentially leading to unauthorized access or data tampering.
Critical Impact
Attackers can bypass JWT signature verification in affected applications, enabling authentication bypass and unauthorized access to protected resources.
Affected Products
- auth0 node-jws versions 3.2.2 and earlier
- auth0 node-jws version 4.0.0
- Applications using jws.createVerify() with HS256 algorithm and user-controlled secret lookups
Discovery Timeline
- 2025-12-04 - CVE-2025-65945 published to NVD
- 2026-03-09 - Last updated in NVD database
Technical Details for CVE-2025-65945
Vulnerability Analysis
This vulnerability falls under CWE-347 (Improper Verification of Cryptographic Signature). The issue exists in how the node-jws library handles secret key validation when using HMAC-based signing algorithms like HS256.
The vulnerability specifically impacts applications that implement dynamic secret key lookups based on user-controllable data extracted from the JWT header or payload. When the secret resolution logic relies on attacker-influenced values, the signature verification process can be manipulated to accept forged tokens.
The network-accessible nature of this vulnerability combined with no required authentication makes it particularly dangerous for authentication systems relying on JWTs for session management.
Root Cause
The root cause lies in the SignStream constructor in lib/sign-stream.js, where the secret parameter handling used short-circuit evaluation (||) that could inadvertently allow empty or null secrets under specific conditions. The original code used opts.secret||opts.privateKey||opts.key, which could lead to unexpected behavior when secrets were falsy values but still valid in certain contexts.
The patch addresses this by implementing explicit null checks and adding a type validation guard that throws a TypeError when HMAC algorithms are used without a properly defined secret.
Attack Vector
The attack exploits applications where HMAC secret lookup is performed using data derived from the JWT itself. An attacker can craft a malicious JWT where:
- The protected header or payload contains manipulated data used in secret resolution
- The application's secret lookup routine returns a predictable or null value based on attacker input
- The signature verification passes despite the token being forged
This is a network-based attack requiring no authentication or user interaction, making it exploitable remotely against any exposed endpoint accepting JWTs.
// Security patch in lib/sign-stream.js
// Source: https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e
}
function SignStream(opts) {
- var secret = opts.secret||opts.privateKey||opts.key;
+ var secret = opts.secret;
+ secret = secret == null ? opts.privateKey : secret;
+ secret = secret == null ? opts.key : secret;
+ if (/^hs/i.test(opts.header.alg) === true && secret == null) {
+ throw new TypeError('secret must be a string or buffer or a KeyObject')
+ }
var secretStream = new DataStream(secret);
this.readable = true;
this.header = opts.header;
Detection Methods for CVE-2025-65945
Indicators of Compromise
- Unexpected successful authentications with malformed or suspicious JWT tokens
- JWT tokens with unusual header or payload structures in authentication logs
- Application logs showing secret lookup failures followed by successful verifications
- Authentication events from unknown sources using tokens with manipulated kid or similar header claims
Detection Strategies
- Implement logging for all JWT verification attempts, including header and payload content (excluding sensitive data)
- Monitor for JWT tokens where the alg header is HS256 with unusual kid or custom header values
- Deploy application-level monitoring to detect authentication anomalies
- Audit code paths where JWT data influences secret key selection
Monitoring Recommendations
- Review authentication logs for tokens with inconsistent signature patterns
- Set up alerts for authentication rate anomalies that could indicate bypass attempts
- Monitor package dependency versions using npm audit or similar tools to detect vulnerable node-jws installations
- Implement runtime integrity checking for JWT verification outcomes
How to Mitigate CVE-2025-65945
Immediate Actions Required
- Upgrade node-jws to version 3.2.3 or 4.0.1 immediately
- Audit all applications using node-jws for vulnerable versions using npm ls jws
- Review code that uses jws.createVerify() with HMAC algorithms to ensure secrets are not derived from user-controlled input
- Consider implementing additional token validation beyond signature verification
Patch Information
Auth0 has released patched versions that address this vulnerability. The fix adds explicit null checking for HMAC secrets and throws a TypeError if the secret is not properly defined when using HS algorithms.
Patched versions:
- Version 3.2.3 for the 3.x branch
- Version 4.0.1 for the 4.x branch
For detailed patch information, see the GitHub Security Advisory and the security patch commit.
Workarounds
- Never use user-controllable data from JWT headers or payloads for secret key lookups
- Implement a static secret key or use a pre-defined mapping that cannot be influenced by token contents
- Add explicit null/undefined checks before passing secrets to jws.createVerify()
- Consider using asymmetric algorithms (RS256, ES256) instead of HMAC-based algorithms where feasible
# Upgrade node-jws to patched version
npm update jws
# Or install specific patched version
npm install jws@3.2.3
# For 4.x users:
npm install jws@4.0.1
# Verify installed version
npm ls jws
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
