PT-2026-20262 · Unknown · Bsv Blockchain Sdk

Published: 2026-02-17 · Updated: 2026-02-18 · CVE-2025-69287

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

BSV Blockchain SDK versions prior to 2.0.0

Description

A cryptographic issue exists in the BSV Blockchain SDK's BRC-104 authentication implementation. Specifically, incorrect signature data preparation in the Peer.ts file, within the processInitialRequest and processInitialResponse methods, leads to signature incompatibility between SDK implementations and potential authentication bypass. The SDK incorrectly concatenates base64-encoded nonce strings before decoding, resulting in approximately 32-34 bytes of signature data instead of the expected 64 bytes. This incompatibility prevents successful authentication when the TypeScript SDK interacts with Go or Python SDKs. The issue stems from the incorrect handling of base64 padding characters during decoding.

Recommendations

Upgrade to version 2.0.0 or later to ensure correct cryptographic signature generation and restore proper mutual authentication across implementations.
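
The concatenate-before-decode flaw from the description, shown beside the decode-then-concatenate form, as an added example for Node.js that is not code from the SDK. The 32-byte nonce length is an assumption taken from the 64-byte total the advisory expects, and all function names and sample nonces are constructed for illustration.

```javascript
// Added example (not the SDK's code). Assumption: each nonce is 32 raw bytes,
// so two decoded nonces together give the 64 bytes the advisory expects.
const NONCE_LEN = 32;

// Constructed sample nonces, base64-encoded as they would travel in a handshake.
const nonceA = Buffer.from(Array.from({ length: NONCE_LEN }, (_, i) => i)).toString('base64');
const nonceB = Buffer.from(Array.from({ length: NONCE_LEN }, (_, i) => 255 - i)).toString('base64');

// Flawed preparation described in the advisory: join the strings, then decode.
// A 32-byte value encodes to 44 characters ending in '=', so the joined string
// carries padding in the middle and no longer decodes to both nonces.
function prepareConcatThenDecode(a, b) {
  return Buffer.from(a + b, 'base64');
}

// Strict decode of a single nonce: canonical padded base64 and exact length only.
function decodeNonce(b64) {
  const raw = Buffer.from(b64, 'base64');
  if (raw.toString('base64') !== b64) throw new Error('nonce is not canonical base64');
  if (raw.length !== NONCE_LEN) throw new Error(`nonce must be ${NONCE_LEN} bytes`);
  return raw;
}

// Corrected preparation: decode each nonce on its own, then join the raw bytes.
function prepareDecodeThenConcat(a, b) {
  return Buffer.concat([decodeNonce(a), decodeNonce(b)]);
}

// Check for the signing or verifying side: the data must be exactly both nonces.
function isExpectedSignedData(data, a, b) {
  return data.length === 2 * NONCE_LEN && data.equals(prepareDecodeThenConcat(a, b));
}

console.log('concat-then-decode bytes:', prepareConcatThenDecode(nonceA, nonceB).length);
console.log('decode-then-concat bytes:', prepareDecodeThenConcat(nonceA, nonceB).length);
```

A length check like the one in `isExpectedSignedData` also works as an interoperability test vector when comparing implementations in different languages.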

Related Identifiers

CVE-2025-69287
GHSA-VJPQ-XX5G-QVMM

Affected Products

Bsv Blockchain Sdk