Vulnerability in CIRCL's FourQ Elliptic Curve Implementation
CVE-2025-8556

3.7LOW

Key Information:

Vendor: Red Hat
Status: Builds For Red Hat Openshift; Custom Metric Autoscaler Operator For Red Hat Openshift; Multicluster Global Hub; Openshift Pipelines
Vendor: CVE Published:; 6 August 2025

What is CVE-2025-8556?

A vulnerability in CIRCL's implementation of the FourQ elliptic curve allows attackers to exploit session security weaknesses. By leveraging low-order point injection and inadequate point validation during Diffie-Hellman key exchanges, an attacker can potentially compromise the integrity of secure communications. This flaw highlights the importance of rigorous point validation in cryptographic implementations.

References

https://access.redhat.com/security/cve/CVE-2025-8556

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2371624

issue-trackingx_refsource_REDHAT

https://github.com/cloudflare/circl

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Aug 4, 2025

Red Hat

What is CVE-2025-8556?

References

CVSS V3.1

Timeline