Curve25519 Blinding Vulnerability in wolfSSL by wolfSSL
CVE-2025-7396

5.6MEDIUM

Key Information:

Vendor: Wolfssl
Status: Wolfssl
Vendor: CVE Published:; 18 July 2025

What is CVE-2025-7396?

The recent release of wolfSSL version 5.8.2 has introduced a security feature where blinding support for Curve25519 is enabled by default in relevant builds. While designed to bolster defenses against side-channel attacks, particularly during private key extraction, this blinding technique is exclusively pertinent to the base C implementation. It is not applicable to ARM and Intel assembly builds or the small Curve25519 feature. Although executing a side-channel attack in practical scenarios is notably challenging, the incorporation of blinding provides enhanced security for environments vulnerable to physical access or observation exploits.

Affected Version(s)

wolfSSL 5.8.0; 0

References

https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog....

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 18, 2025
Vulnerability Reserved
Jul 9, 2025

Credit

Arnaud Varillon

Laurent Sauvage

Allan Delautre