CVE-2025-24015: Deno's AES GCM authentication tags are not verified
This affects AES-256-GCM and AES-128-GCM in Deno, introduced by commit 0d1beed. Specifically, the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the guarantees expected from AES-GCM. Older versions of Deno correctly threw errors in such cases, as does Node.js.
Without authentication tag verification, AES-GCM degrades to essentially CTR mode, removing integrity protection. Authenticated data set with set_aad is also affected, as it is incorporated into the GCM hash (ghash) but this too is not validated, rendering AAD checks ineffective.
References
- github.com/advisories/GHSA-2x3r-hwv5-p32x
- github.com/denoland/deno
- github.com/denoland/deno/commit/0d1beed2e3633d71d5e288e0382b85be361ec13d
- github.com/denoland/deno/commit/4f27d7cdc02e3edfb9d36275341fb8185d6e99ed
- github.com/denoland/deno/commit/a4003a5292bd0affefad3ecb24a8732886900f67
- github.com/denoland/deno/security/advisories/GHSA-2x3r-hwv5-p32x
- nvd.nist.gov/vuln/detail/CVE-2025-24015
Code Behaviors & Features
Detect and mitigate CVE-2025-24015 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →