CVE-2025-7396

EPSS 0.03%
Published 18.07.2025 22:51:18
Last modified 22.07.2025 13:06:07
Source facts@wolfssl.com
Teams watchlist Login
Open Login

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorwolfSSL

≫

Product wolfSSL

Default Statusunknown

Version 5.8.0; 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.085

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
facts@wolfssl.com	5.6	0	0	CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025

https://nvd.nist.gov/vuln/detail/CVE-2025-7396

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7396

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7396

EUVD