CVE-2025-14505
Unknown Unknown - Not Provided
ECDSA Signature Fault in Elliptic ≤6.6.1 Enables Key Exposure

Publication date: 2026-01-08

Last updated on: 2026-01-08

Assigner: HeroDevs

Description
The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This happens, because the byte-length of 'k' is incorrectly computed, resulting in its getting truncated during the computation. Legitimate transactions or communications will be broken as a result. Furthermore, due to the nature of the fault, attackers could–under certain conditions–derive the secret key, if they could get their hands on both a faulty signature generated by a vulnerable version of Elliptic and a correct signature for the same inputs. This issue affects all known versions of Elliptic (at the time of writing, versions less than or equal to 6.6.1).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-08
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14505
EUVD
EUVD-2026-1445
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
unknown_vendor elliptic to 6.6.1 (inc)
unknown_vendor elliptic to 6.5.7 (inc)
herodevs nes_for_elliptic 6.6.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1240 To fulfill the need for a cryptographic primitive, the product implements a cryptographic algorithm using a non-standard, unproven, or disallowed/non-compliant cryptographic implementation.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is in the Elliptic JavaScript library's ECDSA implementation, where the nonce value 'k' used in signature generation is incorrectly truncated if it has leading zeros. This happens because the byte-length of 'k' is miscalculated during computation following RFC 6979. As a result, signatures generated can be invalid, breaking legitimate transactions or communications. More seriously, if an attacker obtains both a faulty signature from a vulnerable Elliptic version and a correct signature for the same input and key, they may be able to derive the secret private key, leading to key exposure. [1]

Impact Analysis

The vulnerability can cause legitimate transactions or communications that rely on ECDSA signatures to fail due to invalid signatures. More critically, it can lead to secret key exposure if an attacker obtains both a faulty and a correct signature for the same input, allowing them to derive the private key. This compromises the security of cryptographic operations, potentially allowing attackers to impersonate users, forge signatures, or decrypt sensitive data. Users of vulnerable Elliptic versions should revoke any keys used and migrate to patched or alternative implementations to prevent compromise. [1]

Detection Guidance

This vulnerability can be detected by comparing signatures generated by the vulnerable Elliptic library (versions ≤ 6.6.1) against signatures generated by a non-faulty library such as @noble/curves. A proof-of-concept script exists that demonstrates the signature discrepancy. Specifically, you can generate signatures for the same input using both libraries and check for differences, which indicate the presence of the vulnerability. There are no specific network or system commands provided, but running such signature comparison scripts in your environment can help detect the issue. [1]

Mitigation Strategies

Immediate mitigation steps include migrating away from the vulnerable Elliptic library versions (≤ 6.6.1) to a patched or alternative implementation. HeroDevs provides a patched version called NES for Elliptic v6.6.3, which is a secure drop-in replacement. Additionally, users should revoke and invalidate any cryptographic keys that were used with vulnerable versions to prevent potential secret key exposure. Using commercial support like HeroDevs NES to receive patches and security updates is also recommended. [1]

Compliance Impact

The vulnerability in the Elliptic library's ECDSA implementation can lead to secret key exposure, which compromises the confidentiality and integrity of cryptographic operations. This exposure risks unauthorized access to sensitive data and communications, potentially violating data protection requirements under standards like GDPR and HIPAA. Organizations using vulnerable versions must revoke affected keys and migrate to patched implementations to maintain compliance and protect sensitive information. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14505. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart