216.73.217.22

CVE-2025-7396

· Published 18/07/2025 23:15 · Modified 18/07/2025 23:15

Labels: CVE-2025-7396 2025-07-18CVE-2025-7396[email protected]

Essential information

Published
18/07/2025 23:15
Modified
18/07/2025 23:15
Author
Creator
CVSS
5.6 MEDIUM (v3) 5.6 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wolfssl / wolfssl cpe:2.3:a:wolfssl:wolfssl:5.8.2:*:*:*:*:*:*:*

References