PT-2025-30706 · Quiet · Quiet

Published: 2025-07-24 · Updated: 2025-07-25 · CVE-2025-53940

CVSS v4.0: 8.5 High

Vector: AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Quiet versions 6.1.0-alpha.4 and below

Description: Quiet’s API for backend/frontend communication used an insecure, non-constant-time comparison function for token verification. This allowed a potential timing attack in which an attacker could attempt to guess the entire token one character at a time by observing slight differences in response times.

Recommendations: Upgrade to version 6.0.1.
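
The weakness class described above, next to a constant-time replacement, as an added example that is not Quiet's code. It assumes a Node.js runtime; `earlyExitCompare`, `verifyToken`, `digest`, `compareKey` and the sample token are hypothetical names and constructed values, while `timingSafeEqual`, `createHmac` and `randomBytes` are Node's own `crypto` functions.

```javascript
// Added illustration; not Quiet's code. All names here are hypothetical.
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Early-exit comparison, the general pattern the advisory describes.
// Returns how many character comparisons ran, to make the leak visible:
// the work done grows with the length of the correct prefix.
function earlyExitCompare(expected, supplied) {
  let steps = 0;
  if (expected.length !== supplied.length) return { equal: false, steps };
  for (let i = 0; i < expected.length; i++) {
    steps++;
    if (expected[i] !== supplied[i]) return { equal: false, steps };
  }
  return { equal: true, steps };
}

// Constant-time check. Both values are first reduced to fixed-length
// HMAC-SHA256 digests under a random per-process key, so
// timingSafeEqual never sees unequal lengths (it throws on those) and
// the comparison time does not depend on where the inputs differ.
const compareKey = randomBytes(32);
function digest(value) {
  return createHmac('sha256', compareKey).update(String(value), 'utf8').digest();
}
function verifyToken(expected, supplied) {
  if (typeof supplied !== 'string') return false;
  return timingSafeEqual(digest(expected), digest(supplied));
}

// Constructed sample token, not a real credential.
const SAMPLE_TOKEN = 'c0nstructed-sample-token-0123456789';

function demo() {
  const wrongFirst = 'X' + SAMPLE_TOKEN.slice(1);
  const wrongLast = SAMPLE_TOKEN.slice(0, -1) + 'X';
  return {
    stepsWrongFirst: earlyExitCompare(SAMPLE_TOKEN, wrongFirst).steps,
    stepsWrongLast: earlyExitCompare(SAMPLE_TOKEN, wrongLast).steps,
    acceptsCorrect: verifyToken(SAMPLE_TOKEN, SAMPLE_TOKEN),
    rejectsWrongLast: !verifyToken(SAMPLE_TOKEN, wrongLast),
    rejectsShort: !verifyToken(SAMPLE_TOKEN, 'short'),
    rejectsNonString: !verifyToken(SAMPLE_TOKEN, undefined),
  };
}

console.log(demo());
```

When reviewing a codebase for this class of bug, look for `===`, `==` or hand-written loops applied to tokens, MACs or session identifiers on any request-handling path.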

Related Identifiers

CVE-2025-53940
GHSA-GPW8-W78H-XJ67

Affected Products

Quiet