Low severity3.7NVD Advisory· Published Aug 6, 2025· Updated Apr 15, 2026
CVE-2025-8556
CVE-2025-8556
Description
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/cloudflare/circlGo | < 1.6.1 | 1.6.1 |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- github.com/advisories/GHSA-2x5j-vhc8-9cwmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-8556ghsaADVISORY
- access.redhat.com/security/cve/CVE-2025-8556nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/cloudflare/circl/security/advisories/GHSA-2x5j-vhc8-9cwmnvdWEB
- github.com/cloudflare/circl/tree/v1.6.1nvdWEB
- news.ycombinator.com/itemnvdWEB
- www.botanica.software/blog/cryptographic-issues-in-cloudflares-circl-fourq-implementationnvdWEB
News mentions
0No linked articles in our index yet.