CVE-2025-59432
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2025-09-22

Assigner: GitHub, Inc.

Description
SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals was used to compare secret values such as client proofs and server signatures. Since Arrays.equals performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted. This vulnerability has been patched in version 3.1 by replacing Arrays.equals with MessageDigest.isEqual, which ensures constant-time comparison.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2025-09-22
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59432
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ongres scram *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-208 Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
CWE-385 Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-59432 is a timing attack vulnerability in the SCRAM (Salted Challenge Response Authentication Mechanism) Java implementation used before version 3.2. The issue occurs because the code used java.util.Arrays.equals to compare secret authentication values like client proofs and server signatures. Arrays.equals performs a short-circuit comparison, meaning the time it takes to compare depends on how many leading bytes match. This timing difference can be exploited by an attacker to infer sensitive authentication data through a side-channel timing attack. The vulnerability was fixed by replacing Arrays.equals with MessageDigest.isEqual, which performs constant-time comparisons to prevent timing attacks. [1, 3]

Impact Analysis

This vulnerability can allow an attacker to perform a timing side-channel attack to infer sensitive authentication material such as client proofs and server signatures used in SCRAM authentication. Although exploiting this vulnerability requires high precision timing measurements and repeated attempts, it can lead to leakage of sensitive authentication data. There is no direct impact on confidentiality, integrity, or availability of the system, but the potential leakage of authentication secrets can compromise the security of the authentication process. Users relying on SCRAM authentication are impacted and should upgrade to version 3.2 or later to mitigate this risk. [3]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade the SCRAM Java implementation to version 3.2 or later, where the insecure Arrays.equals method has been replaced with the constant-time MessageDigest.isEqual method. This upgrade prevents timing side-channel attacks by ensuring secure comparison of secret authentication values. [3, 1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59432. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart