PT-2025-49415 · Nutshell · Nutshell

Published 2025-12-07 · Updated 2026-05-29 · CVE-2025-65548

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

nutshell (cashubtc/nuts) versions prior to 0.18.0

Description

NUT-14 allows cashu tokens to be created using a preimage hash. In affected versions, the software fails to validate the size of the preimage when a token is spent. Because the mint stores this preimage, an attacker can exploit this lack of validation to fill the mint's database and disk with arbitrary data.

Recommendations

Update to version 0.18.0 or later.
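
The kind of size check the description says was missing, as an added example (not Nutshell's code and not its actual fix). It assumes the hash lock is a SHA-256 digest, so a valid preimage is 32 bytes (64 hex characters); the function names, the exception and the list standing in for the mint database are hypothetical.

```python
import hashlib
import re

# Assumption: SHA-256 hash lock, so the preimage is exactly 32 bytes (64 hex chars).
PREIMAGE_HEX_LEN = 64
_HEX_RE = re.compile(r"[0-9a-fA-F]+")


class WitnessRejected(Exception):
    """The witness must be neither accepted nor persisted."""


def verify_htlc_preimage(hash_lock_hex: str, preimage_hex: object) -> str:
    """Return the normalised preimage if it is well-formed and opens the lock."""
    if not isinstance(preimage_hex, str):
        raise WitnessRejected("preimage must be a string")
    # Length is checked first: it is cheap and bounds all later work and storage.
    if len(preimage_hex) != PREIMAGE_HEX_LEN:
        raise WitnessRejected(
            f"preimage must be {PREIMAGE_HEX_LEN} hex chars, got {len(preimage_hex)}"
        )
    if not _HEX_RE.fullmatch(preimage_hex):
        raise WitnessRejected("preimage is not hex")
    digest = hashlib.sha256(bytes.fromhex(preimage_hex)).hexdigest()
    if digest != hash_lock_hex.lower():
        raise WitnessRejected("preimage does not match hash lock")
    return preimage_hex.lower()


def spend(db: list, hash_lock_hex: str, witness: dict) -> None:
    """Persist the preimage only after validation (db is a stand-in list)."""
    db.append(verify_htlc_preimage(hash_lock_hex, witness.get("preimage")))


if __name__ == "__main__":
    db = []
    # Constructed sample: an oversized preimage whose hash matches its own lock,
    # so the hash comparison alone would accept it.
    big = "ab" * 100_000
    lock = hashlib.sha256(bytes.fromhex(big)).hexdigest()
    try:
        spend(db, lock, {"preimage": big})
    except WitnessRejected as exc:
        print("rejected:", exc, "| rows stored:", len(db))
```

Because the party creating the token chooses the hash, a match against the lock says nothing about the preimage's size, so the length bound has to be enforced separately before anything is written.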

Related Identifiers

CVE-2025-65548
PYSEC-2025-89

Affected Products

Nutshell