CVE-2025-7396Covert Timing Channel in Wolfssl

CWE-385Covert Timing Channel4 documents4 sources
Severity
5.6MEDIUMNVD
EPSS
0.0%
top 88.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WolfsslDebian Wolfssl
Timeline
PublishedJul 18
Latest updateJul 19

Description

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more sus

CVSS vector

CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Affected Packages3 packages

CVEListV5wolfssl/wolfssl5.8.0; 0
NVDwolfssl/wolfssl5.8.2

🔴Vulnerability Details

2
GHSA
GHSA-h9v3-wvxh-4mwp: In wolfSSL release 52025-07-19
OSV
CVE-2025-7396: In wolfSSL release 52025-07-18

📋Vendor Advisories

1
Debian
CVE-2025-7396: wolfssl - In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519...2025
CVE-2025-7396 — Covert Timing Channel in Wolfssl | cvebase