CVE-2025-7396

EPSS 0.11%
Veröffentlicht 18.07.2025 22:51:18
Zuletzt bearbeitet 03.12.2025 15:25:26
Quelle facts@wolfssl.com
CVE-Watchlists
Login
Unerledigt
Login

Curve25519 Blinding

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wolfssl ≫ Wolfssl Version5.8.2

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.282

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
facts@wolfssl.com	5.6	0	0	CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-7396

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7396

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7396

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-7396