Bug 2374378 (CVE-2025-6547)

Summary: CVE-2025-6547 pbkdf2: pbkdf2 silently returns static keys
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: abarbaro, bdettelb, bkabrda, caswilli, cdaley, chfoley, cmiranda, dhanak, doconnor, drosa, dsimansk, erack, eric.wittmann, gmalinko, gotiwari, ibek, janstey, jcantril, jchui, jhe, jhorak, jkoehler, jrokos, jscholz, jwendell, kaycoth, kingland, ktsao, kverlaen, lball, lchilton, lphiri, matzew, mnovotny, mvyas, nboldt, ngough, nipatil, pantinor, pcongius, pdelbell, periklis, pjindal, ppisar, psrna, rcernich, rkubis, rojacob, rstepani, sausingh, sdawley, sfeifer, swoodman, teagle, tpopela, veshanka
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the npm pbkdf2 library, allowing signature spoofing. Under specific use cases, pbkdf2 may return static keys. This issue only occurs when running the library on Node.js versions prior to 3.0.0.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2374429, 2374430, 2374434, 2374438, 2374444, 2374446, 2374450, 2374456, 2374458, 2374462, 2374428, 2374432, 2374436, 2374440, 2374442, 2374448, 2374452, 2374454, 2374460    
Bug Blocks:    

Description OSIDB Bzimport 2025-06-23 20:01:37 UTC 
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.
Comment 2 Petr Pisar 2025-06-24 07:06:53 UTC 
The "pbkdf2: <=3.1.2" refers to pbkdf2 NPM package <https://github.com/browserify/pbkdf2>.
Comment 3 Petr Pisar 2025-06-24 07:30:32 UTC 
This CVE-2025-6547 is about ignoring a password and a salt passed to a PBKDF2 function and returning a value as if an empty password and empty salt were given.

perl-PBKDF2-Tiny-0.005 is not affected:

$ perl -Ilib -MPBKDF2::Tiny=derive -e 'print derive(q{SHA-1}, q{password}, q{salt})' | hexdump -C
00000000  6e 88 be 8b ad 7e ae 9d  9e 10 aa 06 12 24 03 4f  |n....~.......$.O|
00000010  ed 48 d0 3f                                       |.H.?|
00000014
$ perl -Ilib -MPBKDF2::Tiny=derive -e 'print derive(q{SHA-1}, q{}, q{})' | hexdump -C
00000000  6e 40 91 0a c0 2e c8 9c  eb b9 d8 98 b1 3a 09 d1  |n@...........:..|
00000010  cd 7a df 6f                                       |.z.o|
00000014

What happens if no password or salt argument is specified:

$ perl -Ilib -MPBKDF2::Tiny=derive -e 'print derive(q{SHA-1})' | hexdump -C
00000000  6e 40 91 0a c0 2e c8 9c  eb b9 d8 98 b1 3a 09 d1  |n@...........:..|
00000010  cd 7a df 6f                                       |.z.o|
00000014

is documented in PBKDF2::Tiny:

    If a password or salt are not provided, they default to the empty
    string, so don't do that!