CVE-2025-9288 — Improper Input Validation in Node-sha.js
Severity
9.1CRITICALNVD
EPSS
0.0%
top 86.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 20
Latest updateSep 25
Description
Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.
CVSS vector
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N
Affected Packages6 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
4Debian▶
CVE-2025-9288: node-sha.js - Improper Input Validation vulnerability in sha.js allows Input Data Manipulation...↗2025