CVE-2025-8556

EUVD-2025-23815
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Debian logo
Debian Releases
Debian Product
Codename
golang-github-cloudflare-circl
bookworm
no-dsa
bullseye
postponed
forky
1.6.3-1
fixed
sid
1.6.4-2
fixed
trixie
1.6.1-1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
apptainer
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
apptainer-sle15_6
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
libsquashfuse0
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse-tools
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-ssm-agent
Amazon Linux 2
0:3.3.3572.0-1.amzn2
fixed
Amazon Linux 2023
0:3.3.3572.0-1.amzn2023
fixed