cvedb.io
CVE-2025-52473
MEDIUM · CVSS 5.9
EPSS exploitation probability: 0%
Published 2025-07-10T19:15:25.387 · Last modified 2026-06-17T09:36:33.577

Summary

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0.

Affected products

openquantumsafe — liboqs

Does this affect you?

Add your gear to cvedb and we'll alert you only when openquantumsafe ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.