CVE-2025-57801

Name of the Vulnerable Software and Affected Versions: gnark versions prior to 0.14.0

Description: gnark is a zero-knowledge proof system framework. The Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability issue. This is due to a lack of essential constraints in gnark’s native EdDSA and ECDSA circuits, allowing multiple distinct witnesses to satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from R and S, this enables signature malleability and may allow double spending.

Recommendations: Update to version 0.14.0 to resolve this issue.