CVE-2025-58157

EUVD-2025-28663
gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This is because the algorithm didn't converge quickly enough for some of the inputs. This issue has been patched in version 0.13.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Affected Products (NVD)
VendorProductVersion
consensysgnark
0.12.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Consensys/gnark-crypto/commit/56600883e0e9f9b159e9c7000b94e76185ec3d0d
https://github.com/Consensys/gnark/commit/68be6cede36e387ab760725beabd3c96cc94e6dc
https://github.com/Consensys/gnark/issues/1483
https://github.com/Consensys/gnark/security/advisories/GHSA-9fvj-xqr2-xwg8