CVE-2025-59058

CVSS v3.1

5.9

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: httpsig-rs versions prior to 0.0.19

Description: httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. The HMAC signature comparison is not timing-safe in versions prior to 0.0.19, potentially allowing an attacker to forge a signature.

Recommendations: Update to version 0.0.19 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-208

Related Identifiers

CVE-2025-59058

GHSA-Q7PG-9PR4-MRP2

Affected Products

Httpsig-Rs

CVE-2025-59058

Weakness Enumeration

Related Identifiers

Affected Products

References · 9