VYPR
Unrated severityOSV Advisory· Published Dec 8, 2025· Updated Dec 11, 2025

CVE-2025-65548

CVE-2025-65548

Description

NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Cashubtc/NutshellOSV2 versions
    0.10.0, 0.12.0, 0.12.1, …+ 1 more
    • (no CPE)range: 0.10.0, 0.12.0, 0.12.1, …
    • (no CPE)range: <0.18.0

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.

CVE-2025-65548 · VYPR