JavaScript is a high-level, interpreted programming language essential for creating interactive web applications, running directly in web browsers to enable dynamic content and user interface enhancements. It is integral to the web development stack, working seamlessly with HTML and CSS to build responsive and feature-rich websites.

JavaScript

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66031	HIGH	8.7	JavaScript	node-node-forge	No	Yes	Nov 26, 2025
CVE-2025-66035	HIGH	7.7	JavaScript	@angular/common	No	Yes	Nov 26, 2025
CVE-2025-66028	MEDIUM	6.9	JavaScript	@oneuptime/common	No	Yes	Nov 26, 2025
CVE-2025-66030	MEDIUM	6.3	JavaScript	node-node-forge	No	Yes	Nov 26, 2025
GHSA-j9wj-m24m-7jj6	MEDIUM	N/A	JavaScript	willitmerge	No	No	Nov 26, 2025

CVE-2025-66031:
JavaScript vulnerability analysis and mitigation

8.7

Related JavaScript vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-66031: JavaScript vulnerability analysis and mitigation