CVE-2025-66030 Overview
CVE-2025-66030 is an integer overflow vulnerability in node-forge, a native JavaScript implementation of Transport Layer Security (TLS). Versions 1.3.1 and below fail to bounds-check individual arc values when encoding Object Identifiers (OIDs) inside ASN.1 structures. Remote, unauthenticated attackers can craft ASN.1 payloads containing oversized OID arcs that get truncated by 32-bit bitwise operations. The truncated arcs may then collide with smaller, trusted OIDs, bypassing downstream OID-based security decisions. Digital Bazaar patched the issue in node-forge version 1.3.2.
Critical Impact
Attackers can forge ASN.1 OIDs that decode to trusted identifiers, undermining OID-based trust checks in TLS, certificate, and PKCS parsing paths that depend on node-forge.
Affected Products
- Digital Bazaar node-forge versions ≤ 1.3.1 (Node.js package)
- Applications embedding node-forge for ASN.1, X.509, or PKCS parsing
- Downstream libraries and services that make trust decisions based on OID values parsed by node-forge
Discovery Timeline
- 2025-11-26 - CVE-2025-66030 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-66030
Vulnerability Analysis
The vulnerability is classified as an Integer Overflow ([CWE-190]) in the ASN.1 OID encoding routine of lib/asn1.js. OIDs are represented as sequences of unsigned integer arcs. node-forge parsed each arc using parseInt, then applied 32-bit bitwise operations (& 0x7F and >>> 7) to encode the value into base-128 bytes. JavaScript bitwise operators coerce operands to signed 32-bit integers, silently truncating any value above 0xFFFFFFFF. An attacker who supplies an oversized arc can therefore produce an encoded OID whose bytes match a smaller, trusted OID after the modular reduction.
Root Cause
The root cause is the absence of a bounds check on individual OID arc values before they enter 32-bit bitwise encoding. Because node-forge never validated that value <= 0xFFFFFFFF, oversized arcs were reduced modulo 2³² instead of being rejected. Applications that later compared the parsed OID string against an allow-list (for example, certificate policy OIDs, extended key usage OIDs, or algorithm identifiers) received an unexpected, attacker-chosen value.
Attack Vector
The attack vector is network-based and requires no authentication. An attacker delivers a crafted ASN.1 blob, such as an X.509 certificate, PKCS#7 message, or CSR, containing an OID with one or more oversized arcs. When node-forge decodes the structure, the truncated OID may match a security-relevant identifier that the application trusts. Exploitation complexity is elevated because the attacker must find an oversized arc whose 32-bit truncation matches a target trusted OID.
// Patch in lib/asn1.js - Fix "ASN.1 OID Integer Truncation" advisory
last = true;
valueBytes = [];
value = parseInt(values[i], 10);
// TODO: Change bitwise logic to allow larger values.
if(value > 0xffffffff) {
throw new Error('OID value too large; max is 32-bits.');
}
do {
b = value & 0x7F;
value = value >>> 7;
Source: digitalbazaar/forge commit 3e0c35a
Detection Methods for CVE-2025-66030
Indicators of Compromise
- ASN.1 payloads containing OID arcs with numeric values greater than 0xFFFFFFFF (4,294,967,295).
- Certificates, CSRs, or PKCS#7 messages where a parsed OID resolves to a trusted policy or algorithm identifier despite encoding anomalies.
- Application logs showing successful trust decisions on inputs that also produce ASN.1 parsing warnings.
Detection Strategies
- Inventory Node.js applications using Software Composition Analysis (SCA) to locate all direct and transitive dependencies on node-forge at version ≤ 1.3.1.
- Instrument ASN.1 parsing paths to log raw OID byte sequences alongside the decoded string, then alert on arcs exceeding 32-bit range.
- Add integration tests that feed known oversized-arc test vectors through certificate validation code paths.
Monitoring Recommendations
- Monitor package registries and build pipelines for continued use of node-forge versions ≤ 1.3.1.
- Alert on ingestion of X.509 or PKCS objects that contain unusually long OID arc encodings.
- Track certificate policy and extended key usage OID decisions and correlate against source certificate hashes for anomaly review.
How to Mitigate CVE-2025-66030
Immediate Actions Required
- Upgrade node-forge to version 1.3.2 or later across all applications, container images, and serverless functions.
- Rebuild and redeploy any artifact that bundles node-forge, including web frontends where the library ships to browsers.
- Review OID allow-lists and confirm that OID-based trust decisions include additional cryptographic checks, not just string comparison.
Patch Information
The fix is committed in digitalbazaar/forge commit 3e0c35a and released in node-forge 1.3.2. It adds an explicit check that throws OID value too large; max is 32-bits. when any arc exceeds 0xFFFFFFFF. Full advisory details are available in GitHub Security Advisory GHSA-65ch-62r8-g69g.
Workarounds
- Validate untrusted ASN.1 input at the application layer and reject OID arcs greater than 0xFFFFFFFF before invoking node-forge.
- Where feasible, replace node-forge OID parsing with a maintained ASN.1 library that rejects out-of-range arcs.
- Constrain trust decisions to a minimal OID allow-list and pair OID checks with certificate chain, algorithm, and key usage validation.
# Upgrade node-forge to the patched release
npm install node-forge@^1.3.2
npm ls node-forge # confirm no transitive < 1.3.2 remains
npm audit --production # verify advisory GHSA-65ch-62r8-g69g is resolved
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

