Vulnerability Details CVE-2025-57801
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S < order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack essential constraints, multiple distinct witnesses can satisfy the same public inputs. In protocols where nullifiers or anti-replay checks are derived from R and S, this enables signature malleability and may allow double spending. This issue has been addressed in version 0.14.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.5%
CVSS Severity
CVSS v3 Score 9.1
References
Products affected by CVE-2025-57801
-
cpe:2.3:a:consensys:gnark:0.1.0
-
cpe:2.3:a:consensys:gnark:0.2.0
-
cpe:2.3:a:consensys:gnark:0.2.1
-
cpe:2.3:a:consensys:gnark:0.3.0
-
cpe:2.3:a:consensys:gnark:0.3.1
-
cpe:2.3:a:consensys:gnark:0.3.3
-
cpe:2.3:a:consensys:gnark:0.3.4
-
cpe:2.3:a:consensys:gnark:0.3.5
-
cpe:2.3:a:consensys:gnark:0.3.6
-
cpe:2.3:a:consensys:gnark:0.3.7
-
cpe:2.3:a:consensys:gnark:0.3.8
-
cpe:2.3:a:consensys:gnark:0.4.0
-
cpe:2.3:a:consensys:gnark:0.5.0
-
cpe:2.3:a:consensys:gnark:0.5.1
-
cpe:2.3:a:consensys:gnark:0.5.2
-
cpe:2.3:a:consensys:gnark:0.6.0
-
cpe:2.3:a:consensys:gnark:0.6.1
-
cpe:2.3:a:consensys:gnark:0.6.2
-
cpe:2.3:a:consensys:gnark:0.6.3
-
cpe:2.3:a:consensys:gnark:0.6.4
-
cpe:2.3:a:consensys:gnark:0.6.5
-
cpe:2.3:a:consensys:gnark:0.7.0
-
cpe:2.3:a:consensys:gnark:0.7.1
-
cpe:2.3:a:consensys:gnark:0.8.0
-
cpe:2.3:a:consensys:gnark:0.8.1
-
cpe:2.3:a:consensys:gnark:0.9.0