DEBIAN-CVE-2025-8556

DEBIAN-CVE-2025-8556 PUBLISHED CVSS 3.700000047683716 LOW

A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

Risk Scores

CVSS v3.1

3.700000047683716

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:14	golang-github-cloudflare-circl	0, 0
Debian:13	golang-github-cloudflare-circl	0, 0
Debian:11	golang-github-cloudflare-circl	1.6.3-1, 1.3.6-1, 1.3.7-1
Debian:12	golang-github-cloudflare-circl	1.3.7-1, 1.3.8-1, 1.4.0-1

Timeline

Aug 6, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-8556 advisory

Open in Interactive Console →