Denial of Service Vulnerability in gnark Zero-Knowledge Proof System by Consensys
CVE-2025-58157

7.5 HIGH

Key Information:

Vendor: Consensys

Status
Vendor
CVE Published: 29 August 2025

What is CVE-2025-58157?

In version 0.12.0 of gnark, a zero-knowledge proof system framework developed by Consensys, scalar multiplication with the fake-GLV algorithm can trigger a denial of service. For certain inputs the algorithm fails to converge within an acceptable timeframe, potentially leading to service disruption. The issue is resolved in version 0.13.0, which mitigates this vulnerability through optimized algorithm performance.

Affected Version(s)

gnark = 0.12.0

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
