CVE-2025-57801 | THREATINT

Description

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from R and S, this enables signature malleability and may allow double spending. This issue has been addressed in version 0.14.0.

PUBLISHED Reserved 2025-08-20 | Published 2025-08-22 | Updated 2025-08-22 | Assigner GitHub_M

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-347: Improper Verification of Cryptographic Signature

Product status

< 0.14.0

affected

References

github.com/.../gnark/security/advisories/GHSA-95v9-hv42-pwrj

github.com/...ommit/0ba6730f05537a351517998add89a61a0d82716e

cve.org (CVE-2025-57801)

nvd.nist.gov (CVE-2025-57801)

Download JSON