CVE-2025-8556
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-06
Last updated on: 2026-02-25
Assigner: Red Hat, Inc.
Description
Description
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cloudflare | circl | 1.6.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
| CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a flaw in CIRCL's implementation of the FourQ elliptic curve, where an attacker can exploit low-order point injection and incorrect point validation during the Diffie-Hellman key exchange process to compromise session security.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to compromise the security of a session by manipulating the key exchange process, potentially leading to unauthorized access or interception of sensitive communication.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70