PT-2025-35319 · Gnark+1

Feltroidprime · Published 2025-08-29 · Updated 2025-09-22 · CVE-2025-58157

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

gnark versions prior to 0.13.0

Description

gnark is a zero-knowledge proof system framework. In versions prior to 0.13.0, a denial of service can occur when computing scalar multiplication using the fake-GLV algorithm. For certain inputs the algorithm does not converge quickly enough, so a prover that accepts untrusted witness data can get stuck in a slow loop.

Recommendations

Update gnark to version 0.13.0 or later. Update the gnark-crypto dependency to the fixed version.

DoS

Resource Exhaustion

Related Identifiers

CVE-2025-58157
GHSA-9FVJ-XQR2-XWG8
GO-2025-3929
OPENSUSE-SU-2025:15564-1
SUSE-SU-2025:03289-1

Affected Products

Gnark
Gnark-Crypto