FKIE_CVE-2025-14505

Vulnerability from fkie_nvd - Published: 2026-01-08 21:15 - Updated: 2026-04-15 00:35
Severity ?
5.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could–under certain conditions–derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs. This issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1).
References
36c7be3b-2937-45df-85ea-ca7133ea542chttps://github.com/indutny/elliptic/issues/321
36c7be3b-2937-45df-85ea-ca7133ea542chttps://www.herodevs.com/vulnerability-directory/cve-2025-14505
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of \u0027k\u0027 (as computed based on step 3.2 of  RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of \u0027k\u0027 is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result.\u00a0Furthermore, due to the nature of the fault, attackers could\u2013under certain conditions\u2013derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs.\n\nThis issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1)."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de ECDSA del paquete Elliptic genera firmas incorrectas si un valor intermedio de \u0027k\u0027 (calculado seg\u00fan el paso 3.2 de RFC 6979 HTTPS://datatracker.ietf.org/doc/html/rfc6979 ) tiene ceros iniciales y es susceptible a criptoan\u00e1lisis, lo que puede llevar a la exposici\u00f3n de la clave secreta. Esto ocurre porque la longitud en bytes de \u0027k\u0027 se calcula incorrectamente, lo que resulta en su truncamiento durante el c\u00e1lculo. Las transacciones o comunicaciones leg\u00edtimas se romper\u00e1n como resultado. Adem\u00e1s, debido a la naturaleza del fallo, los atacantes podr\u00edan \u2013bajo ciertas condiciones\u2013 derivar la clave secreta, si pudieran obtener tanto una firma defectuosa generada por una versi\u00f3n vulnerable de Elliptic como una firma correcta para las mismas entradas.\n\nEste problema afecta a todas las versiones conocidas de Elliptic (en el momento de escribir esto, versiones menores o iguales a 6.6.1)."
    }
  ],
  "id": "CVE-2025-14505",
  "lastModified": "2026-04-15T00:35:42.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.4,
        "source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-01-08T21:15:42.023",
  "references": [
    {
      "source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
      "url": "https://github.com/indutny/elliptic/issues/321"
    },
    {
      "source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
      "url": "https://www.herodevs.com/vulnerability-directory/cve-2025-14505"
    }
  ],
  "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1240"
        }
      ],
      "source": "36c7be3b-2937-45df-85ea-ca7133ea542c",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.