CVE-2025-24015: CWE-347: Improper Verification of Cryptographic Signature in denoland deno
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue.
AI Analysis
Technical Summary
CVE-2025-24015 is a high-severity cryptographic vulnerability affecting the Deno runtime versions 1.46.0 through 2.1.6. Deno is a modern runtime for JavaScript, TypeScript, and WebAssembly, widely used for server-side and scripting applications. The vulnerability stems from improper verification of the authentication tag in AES-GCM encryption modes (specifically AES-256-GCM and AES-128-GCM). AES-GCM is an authenticated encryption algorithm that provides both confidentiality and integrity by combining AES encryption in CTR mode with a Galois Message Authentication Code (GMAC). The authentication tag is critical to ensure that ciphertexts have not been tampered with and that the decryption key is correct. In the affected Deno versions, the authentication tag is not validated during decryption, which means that tampered ciphertexts or incorrect keys may not be detected. This effectively reduces AES-GCM to AES-CTR mode, which only provides confidentiality but no integrity or authenticity guarantees. Additionally, the vulnerability impacts the handling of authenticated additional data (AAD) set via set_aad, which is incorporated into the GCM hash but also not validated, rendering AAD protections ineffective. This flaw breaks the fundamental security guarantees expected from AES-GCM, potentially allowing attackers to manipulate encrypted data undetected or cause incorrect decryption results without triggering errors. The issue was introduced in version 1.46.0 and fixed in version 2.1.7. Notably, older versions of Deno and Node.js correctly validated the authentication tag and threw errors on verification failure. The CVSS 4.0 base score is 7.7 (high), reflecting the network attack vector, no required privileges or user interaction, and a high impact on integrity. No known exploits are currently reported in the wild. This vulnerability is classified under CWE-347 (Improper Verification of Cryptographic Signature).
Potential Impact
For European organizations using Deno in their development or production environments, this vulnerability poses a significant risk to data integrity and authenticity. Applications relying on AES-GCM encryption for securing sensitive data, communications, or tokens may be vulnerable to undetected ciphertext tampering or key misuse. This could lead to unauthorized data manipulation, injection of malicious payloads, or bypassing of security controls that depend on cryptographic assurances. Since Deno is often used in modern web services, microservices, and serverless functions, the impact could extend to critical business applications, APIs, and cloud-native deployments. The lack of authentication tag verification undermines trust in encrypted data, potentially exposing organizations to data corruption, fraud, or compliance violations related to data protection regulations such as GDPR. Moreover, attackers could exploit this flaw remotely without authentication or user interaction, increasing the threat surface. While no active exploits are known, the high severity and ease of exploitation warrant urgent attention. The impact on confidentiality is moderate since encryption still occurs, but integrity and authenticity are severely compromised, which can have cascading effects on application logic and security.
Mitigation Recommendations
European organizations should immediately assess their use of Deno runtime versions between 1.46.0 and 2.1.6. The primary mitigation is to upgrade all affected Deno instances to version 2.1.7 or later, where the authentication tag verification issue is patched. Until upgrades can be performed, organizations should consider disabling or avoiding the use of AES-GCM encryption within Deno or implement additional application-level integrity checks as a temporary safeguard. Security teams should audit cryptographic usage in their codebases to identify reliance on AES-GCM and verify that authentication tags are properly validated. Incorporating cryptographic libraries with proven and tested implementations or fallback mechanisms may reduce risk. Monitoring network traffic and application logs for anomalies related to encrypted data manipulation can help detect exploitation attempts. Additionally, organizations should review their incident response plans to handle potential data integrity breaches. Vendor communication channels and security advisories from denoland should be monitored for further updates or exploit disclosures. Finally, developers should be trained on the importance of cryptographic validation and the risks of improper implementation to prevent similar issues in the future.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland
CVE-2025-24015: CWE-347: Improper Verification of Cryptographic Signature in denoland deno
Description
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js. Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective. Version 2.1.7 includes a patch that addresses this issue.
AI-Powered Analysis
Technical Analysis
CVE-2025-24015 is a high-severity cryptographic vulnerability affecting the Deno runtime versions 1.46.0 through 2.1.6. Deno is a modern runtime for JavaScript, TypeScript, and WebAssembly, widely used for server-side and scripting applications. The vulnerability stems from improper verification of the authentication tag in AES-GCM encryption modes (specifically AES-256-GCM and AES-128-GCM). AES-GCM is an authenticated encryption algorithm that provides both confidentiality and integrity by combining AES encryption in CTR mode with a Galois Message Authentication Code (GMAC). The authentication tag is critical to ensure that ciphertexts have not been tampered with and that the decryption key is correct. In the affected Deno versions, the authentication tag is not validated during decryption, which means that tampered ciphertexts or incorrect keys may not be detected. This effectively reduces AES-GCM to AES-CTR mode, which only provides confidentiality but no integrity or authenticity guarantees. Additionally, the vulnerability impacts the handling of authenticated additional data (AAD) set via set_aad, which is incorporated into the GCM hash but also not validated, rendering AAD protections ineffective. This flaw breaks the fundamental security guarantees expected from AES-GCM, potentially allowing attackers to manipulate encrypted data undetected or cause incorrect decryption results without triggering errors. The issue was introduced in version 1.46.0 and fixed in version 2.1.7. Notably, older versions of Deno and Node.js correctly validated the authentication tag and threw errors on verification failure. The CVSS 4.0 base score is 7.7 (high), reflecting the network attack vector, no required privileges or user interaction, and a high impact on integrity. No known exploits are currently reported in the wild. This vulnerability is classified under CWE-347 (Improper Verification of Cryptographic Signature).
Potential Impact
For European organizations using Deno in their development or production environments, this vulnerability poses a significant risk to data integrity and authenticity. Applications relying on AES-GCM encryption for securing sensitive data, communications, or tokens may be vulnerable to undetected ciphertext tampering or key misuse. This could lead to unauthorized data manipulation, injection of malicious payloads, or bypassing of security controls that depend on cryptographic assurances. Since Deno is often used in modern web services, microservices, and serverless functions, the impact could extend to critical business applications, APIs, and cloud-native deployments. The lack of authentication tag verification undermines trust in encrypted data, potentially exposing organizations to data corruption, fraud, or compliance violations related to data protection regulations such as GDPR. Moreover, attackers could exploit this flaw remotely without authentication or user interaction, increasing the threat surface. While no active exploits are known, the high severity and ease of exploitation warrant urgent attention. The impact on confidentiality is moderate since encryption still occurs, but integrity and authenticity are severely compromised, which can have cascading effects on application logic and security.
Mitigation Recommendations
European organizations should immediately assess their use of Deno runtime versions between 1.46.0 and 2.1.6. The primary mitigation is to upgrade all affected Deno instances to version 2.1.7 or later, where the authentication tag verification issue is patched. Until upgrades can be performed, organizations should consider disabling or avoiding the use of AES-GCM encryption within Deno or implement additional application-level integrity checks as a temporary safeguard. Security teams should audit cryptographic usage in their codebases to identify reliance on AES-GCM and verify that authentication tags are properly validated. Incorporating cryptographic libraries with proven and tested implementations or fallback mechanisms may reduce risk. Monitoring network traffic and application logs for anomalies related to encrypted data manipulation can help detect exploitation attempts. Additionally, organizations should review their incident response plans to handle potential data integrity breaches. Vendor communication channels and security advisories from denoland should be monitored for further updates or exploit disclosures. Finally, developers should be trained on the importance of cryptographic validation and the risks of improper implementation to prevent similar issues in the future.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-01-16T17:31:06.458Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 683f7e1a182aa0cae29091f2
Added to database: 6/3/2025, 10:58:34 PM
Last enriched: 7/4/2025, 7:56:51 PM
Last updated: 8/16/2025, 2:07:35 AM
Views: 31
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.