Unrated severityOSV Advisory· Published Dec 8, 2025· Updated Dec 11, 2025
CVE-2025-65548
CVE-2025-65548
Description
NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
6- bitcointalk.org/index.phpmitre
- delvingbitcoin.org/t/public-disclosure-denial-of-service-using-htlc-in-cashu/2090mitre
- github.com/cashubtc/nuts/blob/main/07.mdmitre
- github.com/cashubtc/nuts/blob/main/14.mdmitre
- github.com/jamesob/delving-bitcoin-archive/blob/master/archive/rendered-topics/2025-11-November/2025-11-02-public-disclosure-denial-of-service-using-htlc-in-cashu-id2090.mdmitre
- preimage007.github.iomitre
News mentions
0No linked articles in our index yet.