Signature Malleability Vulnerability in gnark Framework by Consensys
CVE-2025-57801

8.6HIGH

Key Information:

Vendor: Consensys
Status: Gnark
Vendor: CVE Published:; 22 August 2025

What is CVE-2025-57801?

The gnark framework, developed by Consensys, has been found to contain a signature malleability vulnerability in versions prior to 0.14.0. This vulnerability arises from the Verify function not properly asserting the conditions on the S value of a signature, which should be within the specified range. As a result, it permits the existence of multiple valid signatures for the same message, potentially enabling malicious actors to exploit this flaw for double spending in systems that depend on unique transaction identifiers. This issue has been rectified in version 0.14.0, which reinforces the necessary constraints to prevent such vulnerabilities.

Affected Version(s)

gnark < 0.14.0

References

https://github.com/Consensys/gnark/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/Consensys/gnark/commit/0ba6730f05537a3...

x_refsource_MISC

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2025
Vulnerability Reserved
Aug 20, 2025