VDB
HSEC-2025-0002
HSEC-2025-0002
PUBLISHED
CVSS 7.699999809265137 HIGH
Double Public Key Signing Function Oracle Attack on Ed25519
Risk Scores
CVSS 3.1
7.699999809265137
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| haskell | cryptonite | 0.1, 0.1, 0.1 |
Timeline
- Nov 14, 2025 CVE Published
- Apr 18, 2026 CVE Updated
References
- https://github.com/advisories/GHSA-w5vr-6qhr-36cc advisory
- https://portswigger.net/daily-swig/dozens-of-cryptography-libraries-vulnerable-to-private-key-theft article
- https://github.com/MystenLabs/ed25519-unsafe-libs article
- https://hackage.haskell.org/package/cryptonite-0.30/docs/src/Crypto.PubKey.Ed25519.html#sign url
- https://github.com/haskell-crypto/cryptonite/blob/cryptonite-v0.30/cbits/ed25519/ed25519.c#53 url
- https://github.com/kazu-yamamoto/crypton/blob/48fb9df2de5ee752196724b081f4d3cdb57576ed/cbits/ed25519/ed25519.c#L53 url
- https://github.com/kazu-yamamoto/crypton/pull/47 patch
- https://github.com/haskell/security-advisories/blob/main/advisories/published/2025/HSEC-2025-0002.md advisory
- https://web.archive.org/web/20250917120037/https://portswigger.net/daily-swig/dozens-of-cryptography-libraries-vulnerable-to-private-key-theft article