JavaScript is a high-level, interpreted programming language essential for creating interactive web applications, running directly in web browsers to enable dynamic content and user interface enhancements. It is integral to the web development stack, working seamlessly with HTML and CSS to build responsive and feature-rich websites.

JavaScript

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66031	HIGH	8.7	JavaScript	node-node-forge	No	Yes	Nov 26, 2025
CVE-2025-66035	HIGH	7.7	JavaScript	@angular/common	No	Yes	Nov 26, 2025
CVE-2025-66028	MEDIUM	6.9	JavaScript	@oneuptime/common	No	Yes	Nov 26, 2025
CVE-2025-66030	MEDIUM	6.3	JavaScript	node-node-forge	No	Yes	Nov 26, 2025
GHSA-j9wj-m24m-7jj6	MEDIUM	N/A	JavaScript	willitmerge	No	No	Nov 26, 2025

CVE-2025-66030:
JavaScript vulnerability analysis and mitigation

6.3

Related JavaScript vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-66030: JavaScript vulnerability analysis and mitigation