PT-2025-32144 · Circl+2 · Circl+2

Alon Livne

Published

2025-01-01

Updated

2026-02-25

CVE-2025-8556

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions CIRCL (affected versions not specified)

Description A flaw exists in CIRCL’s implementation of the FourQ elliptic curve. This issue allows an attacker to compromise session security through low-order point injection and incorrect point validation during Diffie-Hellman key exchange.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Verification of Cryptographic Signature

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347CWE-20CWE-1287

Related Identifiers

CVE-2025-8556

ECHO-6134-C525-36A8

GHSA-2X5J-VHC8-9CWM

GHSA-522R-9946-FW43

GO-2025-3754

OPENSUSE-SU-2026:10013-1

OPENSUSE-SU-2026:20730-1

SUSE-SU-2026:0439-1

Affected Products

Circl

Debian

Red Os

PT-2025-32144 · Circl+2 · Circl+2

CVE-2025-8556

Weakness Enumeration

Related Identifiers

Affected Products

References · 50