A critical vulnerability has been discovered in the popular sha.js npm package, which receives over 14 million weekly downloads, allowing attackers to manipulate hash values and potentially compromise cryptographic operations.
The vulnerability, assigned CVE-2025-9288, affects all versions up to 2.4.11 and has been patched in version 2.4.12.
The security vulnerability stems from missing input type checks in the sha.js library’s implementation, which can lead to severe consequences including hash state rewind, value miscalculation, and denial-of-service attacks.
Published yesterday by security researcher ljharb under GitHub Security Advisory GHSA-95m3-7q98-8xr5, this vulnerability represents a significant threat to applications relying on the library for cryptographic hashing operations.
The most concerning aspect of this vulnerability is its ability to rewind hash states, including the capability to transform a tagged hash into an untagged hash.
This manipulation can occur when attackers provide specially crafted JSON-stringifiable input containing malicious objects with negative length properties.
The attack leverages the library’s improper handling of objects with {length: -x} properties, allowing attackers to effectively “undo” previous hash operations.
Proof-of-Concept
The vulnerability manifests through multiple attack vectors, each presenting different levels of risk. The primary attack method involves crafting malicious input using a forgeHash function that creates JSON payloads with negative length properties.
A simple proof-of-concept demonstrates how an attacker can make two different inputs produce identical hash values:
javascriptrequire('sha.js')('sha256').update('foo').digest('hex')
// Returns: '2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae'
require('sha.js')('sha256').update('fooabc').update({length:-3}).digest('hex')
// Returns identical hash despite different input
The vulnerability also enables value miscalculation attacks where objects like {length: buf.length, ...buf, 0: buf + 256} can generate hash collisions while being interpreted differently by other code components.
Additionally, attackers can trigger denial-of-service conditions by providing inputs with properties like {length:'1e99'}, causing the library to hang during processing.
The attack complexity is rated as High according to CVSS v4 metrics, with an overall score reflecting Network attack vector, High attack complexity, and Present attack requirements.
However, no privileges or user interaction are required, making successful exploitation achievable for determined attackers.
Mitigations
The implications of this vulnerability extend far beyond simple hash manipulation. In cryptographic libraries, hash functions often generate nonces for digital signatures, and matching nonces for different values frequently lead to immediate private key restoration.
This creates a pathway for attackers to extract private keys from affected cryptographic implementations, potentially compromising entire security infrastructures.
The vulnerability affects the Confidentiality, Integrity, and Availability of both vulnerable and subsequent systems, earning a CVSS v4 base score that reflects high impact across multiple security dimensions.
Organizations using sha.js should immediately upgrade to version 2.4.12 or later to address this critical security vulnerability.
Given the library’s massive adoption rate and the severity of potential attacks, security teams should prioritize identifying and updating all applications using vulnerable versions of sha.js.
The patch addresses the missing type checks that enabled these attacks, restoring proper input validation to prevent hash manipulation attempts.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
