A critical security vulnerability has been disclosed in sha.js, a widely used JavaScript library that implements the Secure Hash Algorithm (SHA) family. With over 14 million weekly downloads, this library is a cornerstone of many Node.js and browser-based applications that depend on cryptographic hashing for security.
The vulnerability, tracked as CVE-2025-9288 and assigned a CVSS score of 9.1, arises from missing input type checks. This oversight allows attackers to manipulate how hash values are calculated, leading to severe consequences ranging from hash collisions to cryptographic key extraction.
The flaw stems from the library’s failure to properly validate input data types. According to the advisory, “missing input type checks lead to it calculating invalid values, hanging, rewinding the hash state (including turning a tagged hash into an untagged hash) on malicious JSON-stringifyable input.”
Key attack vectors include:
- Hash state rewind. By passing an object such as { length: -x }, an attacker moves the hash's internal byte counter backwards. This not only corrupts the calculation but also lets a tagged hash (a hash whose input is prefixed with a fixed tag so that a digest computed for one purpose cannot be reused for another) be turned into an untagged hash, undermining the domain separation it was meant to provide.
- Value miscalculation and collisions. An attacker can craft a malicious object that produces the same hash as the original buffer (buf) even though the underlying values differ. Other libraries, such as bn.js, may interpret the two values differently, so two components of the same system end up disagreeing about what was hashed.
- Denial of service (DoS). Supplying an input such as { length: '1e99' } causes the hashing call to hang indefinitely, a denial of service for any application that feeds untrusted input to sha.js.
- Cryptographic catastrophe: private key extraction. The most severe consequence arises in systems where nonces are derived by hashing. If two different values yield the same hash but diverge in their numeric interpretation, an attacker can exploit the resulting nonce reuse to recover the private key. As the advisory warns, "matching nonces for different values often immediately leads to private key restoration."
These inputs are ordinary JSON, so they can reach the library wherever an application passes deserialized request data straight into a hash call.
Developers and organizations using sha.js should upgrade to the patched version, 2.4.12, without delay. Because sha.js is often pulled in transitively by other cryptography packages rather than listed directly, check the dependency tree (for example with npm ls sha.js) rather than only package.json, and update the lockfile so the patched version is what actually gets installed.