SB2026013062 - Interpretation conflict in BIG-IQ Centralized Management Node-forge component
Published: January 30, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Interpretation conflict (CVE-ID: CVE-2025-12816)
The vulnerability allows a remote attacker to bypass downstream cryptographic verification and security decisions.
The vulnerability exists due to incorrect validation of ASN.1 structures within the asn1.validate() function in forge/lib/asn1.js. A remote unauthenticated attacker can use specially crafted ASN.1 structures to desynchronize DER schema validation and bypass downstream cryptographic verification and security decisions.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.