cvedb.io
CVE-2025-57801
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2025-08-22T20:15:33.080 · Last modified 2026-06-17T09:43:27.693

Summary

gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from R and S, this enables signature malleability and may allow double spending. This issue has been addressed in version 0.14.0.

Affected products

consensys — gnark

Does this affect you?

Add your gear to cvedb and we'll alert you only when consensys ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.