Public Key Signing Vulnerability in ed25519-dalek Library by Rust
CVE-2022-50237

5.9MEDIUM

Key Information:

Vendor: Dalek-cryptography
Status: Ed25519-dalek
Vendor: CVE Published:; 28 July 2025

🔔 Create Dalek-cryptography Vulnerability Alert

What is CVE-2022-50237?

The ed25519-dalek crate prior to version 2 exhibits a vulnerability in its Keypair implementation, allowing attackers to perform a double public key signing function oracle attack. This flaw enables malicious actors to execute a straightforward computation process to extract a private key, potentially compromising sensitive data and cryptographic integrity. Users are advised to update to the latest version to mitigate this risk.

Affected Version(s)

ed25519-dalek 0 < 2

References

https://rustsec.org/advisories/RUSTSEC-2022-0093.html

https://github.com/MystenLabs/ed25519-unsafe-libs

https://crates.io/crates/ed25519-dalek

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 28, 2025
Vulnerability Reserved
Jul 28, 2025