diff --git a/crates/node/ops/crypto/cipher.rs b/crates/node/ops/crypto/cipher.rs
index 160af8c7..084445d8 100644
--- a/crates/node/ops/crypto/cipher.rs
+++ b/crates/node/ops/crypto/cipher.rs
@@ -4,6 +4,7 @@ use aes::cipher::block_padding::Pkcs7;
 use aes::cipher::BlockDecryptMut;
 use aes::cipher::BlockEncryptMut;
 use aes::cipher::KeyIvInit;
+use deno_core::error::range_error;
 use deno_core::error::type_error;
 use deno_core::error::AnyError;
 use deno_core::Resource;
@@ -127,6 +128,14 @@ impl Cipher {
 Aes256Gcm(Box::new(cipher))
 }
 "aes256" | "aes-256-cbc" => {
+ // PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
+ if key.len() != 32 {
+ return Err(range_error("Invalid key length"));
+ }
+ if iv.len() != 16 {
+ return Err(type_error("Invalid initialization vector"));
+ }
+
 Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
 }
 _ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
@@ -253,6 +262,14 @@ impl Decipher {
 Aes256Gcm(Box::new(decipher))
 }
 "aes256" | "aes-256-cbc" => {
+ // PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
+ if key.len() != 32 {
+ return Err(range_error("Invalid key length"));
+ }
+ if iv.len() != 16 {
+ return Err(type_error("Invalid initialization vector"));
+ }
+
 Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))
 }
 _ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
diff --git a/crates/node/ops/crypto/mod.rs b/crates/node/ops/crypto/mod.rs
index 0837afef..ad31a865 100644
--- a/crates/node/ops/crypto/mod.rs
+++ b/crates/node/ops/crypto/mod.rs
@@ -193,6 +193,7 @@ pub fn op_node_public_encrypt(
 }
 }
 
+// PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
 #[op2(fast)]
 #[smi]
 pub fn op_node_create_cipheriv(
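Review bot: In the `"aes256" | "aes-256-cbc"` arm of `impl Cipher` (and the identical arm in the `impl Decipher` hunk after it), the new length guards cover this one algorithm only; the `Aes256Gcm` arm is visible just at its tail and the other arms lie outside both hunks. Any arm that still passes caller-supplied `key` or `iv` to `.into()` without a length check would presumably keep the panic on a wrong-sized slice that these guards are meant to prevent, so each arm should be confirmed to validate before converting. The marker comment names only issue numbers; a line stating the reason would help, e.g. `// key.into() / iv.into() panic on a length mismatch, so reject wrong sizes first`.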
@@ -200,13 +201,9 @@ pub fn op_node_create_cipheriv(
 #[string] algorithm: &str,
 #[buffer] key: &[u8],
 #[buffer] iv: &[u8],
-) -> u32 {
- state
- .resource_table
- .add(match cipher::CipherContext::new(algorithm, key, iv) {
- Ok(context) => context,
- Err(_) => return 0,
- })
+) -> Result {
+ let context = cipher::CipherContext::new(algorithm, key, iv)?;
+ Ok(state.resource_table.add(context))
 }
 
 #[op2(fast)]
@@ -252,6 +249,7 @@ pub fn op_node_cipheriv_final(
 context.r#final(input, output)
 }
 
+// PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
 #[op2(fast)]
 #[smi]
 pub fn op_node_create_decipheriv(
@@ -259,13 +257,9 @@ pub fn op_node_create_decipheriv(
 #[string] algorithm: &str,
 #[buffer] key: &[u8],
 #[buffer] iv: &[u8],
-) -> u32 {
- state
- .resource_table
- .add(match cipher::DecipherContext::new(algorithm, key, iv) {
- Ok(context) => context,
- Err(_) => return 0,
- })
+) -> Result {
+ let context = cipher::DecipherContext::new(algorithm, key, iv)?;
+ Ok(state.resource_table.add(context))
 }
 
 #[op2(fast)]
diff --git a/crates/node/ops/http2.rs b/crates/node/ops/http2.rs
index f6d21ad0..c3ed5e6c 100644
--- a/crates/node/ops/http2.rs
+++ b/crates/node/ops/http2.rs
@@ -238,6 +238,7 @@ pub async fn op_http2_send_response(
 }
 for (name, value) in headers {
 response.headers_mut().append(
+ // PATCH(denoland/deno#24780): Mitigates denoland/deno#24678
 HeaderName::from_bytes(&name).unwrap(),
 HeaderValue::from_bytes(&value).unwrap(),
 );
@@ -308,6 +309,7 @@ pub async fn op_http2_client_request(
 
 for (name, value) in headers {
 req.headers_mut().unwrap().append(
+ // PATCH(denoland/deno#24780): Mitigates denoland/deno#24678
 HeaderName::from_bytes(&name).unwrap(),
 HeaderValue::from_bytes(&value).unwrap(),
 );
diff --git a/crates/node/polyfills/internal/crypto/cipher.ts b/crates/node/polyfills/internal/crypto/cipher.ts
index f8a46896..2589004f 100644
--- a/crates/node/polyfills/internal/crypto/cipher.ts
+++ b/crates/node/polyfills/internal/crypto/cipher.ts
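Review bot: `op_node_create_cipheriv` (and `op_node_create_decipheriv` in the later hunk of this file) no longer signals failure by returning `0`; the error from the context constructor is now propagated with `?`, which changes the contract every caller sees. Any caller that still tests the returned id against `0` is not part of this diff and would become dead code, so that path should be checked and the surfaced error types compared with what the polyfill expects. Neither op has a doc comment; something like `/// Registers a cipher context and returns its resource id; constructor errors (unknown cipher, bad key or IV length) are returned to the caller.` would record the new behaviour. Both signatures begin outside their hunks.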
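Review bot: In `op_http2_send_response` the added marker comment sits above `HeaderName::from_bytes(&name).unwrap()` and `HeaderValue::from_bytes(&value).unwrap()`, which are unchanged context, so a header name or value that fails validation still panics the op rather than producing an error. The same holds in the `op_http2_client_request` hunk, which additionally unwraps `req.headers_mut()`. If these ops return a `Result` (their signatures are outside the hunks), propagating is safer, e.g. `HeaderName::from_bytes(&name)?,` and `HeaderValue::from_bytes(&value)?,` with whatever error conversion the file already uses. The comment would also read more naturally above the `append(` call than inside its argument list.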
@@ -227,7 +227,8 @@ export class Cipheriv extends Transform implements Cipher {
 ): Buffer | string {
 // TODO(kt3k): throw ERR_INVALID_ARG_TYPE if data is not string, Buffer, or ArrayBufferView
 let buf = data;
- if (typeof data === "string" && typeof inputEncoding === "string") {
+ // PATCH(denoland/deno#25571): Mitigates denoland/deno#25279
+ if (typeof data === "string") {
 buf = Buffer.from(data, inputEncoding);
 }
 
@@ -373,7 +374,8 @@ export class Decipheriv extends Transform implements Cipher {
 ): Buffer | string {
 // TODO(kt3k): throw ERR_INVALID_ARG_TYPE if data is not string, Buffer, or ArrayBufferView
 let buf = data;
- if (typeof data === "string" && typeof inputEncoding === "string") {
+ // PATCH(denoland/deno#25571): Mitigates denoland/deno#25279
+ if (typeof data === "string") {
 buf = Buffer.from(data, inputEncoding);
 }
 
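Review bot: The marker comment above `if (typeof data === "string")` in `Cipheriv` (and in the `Decipheriv` hunk) gives issue numbers but not the behaviour that changed: a string is now always converted, and with `inputEncoding` undefined `Buffer.from` falls back to its default encoding. A comment such as `// Strings are always decoded; a missing inputEncoding uses Buffer.from's default (utf8)` would make that explicit for the next reader. The TODO two lines above still applies, so as far as these hunks show, `data` that is neither a string nor a buffer view is passed on without a type check. Both method signatures start outside their hunks.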