CVE-2025-30147: CWE-325: Missing Cryptographic Step in hyperledger besu-native
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles were reimplemented in besu-native using gnark-crypto's bn254 implementation, as the former implementation used a library which was no longer maintained and not sufficiently performant. The new gnark implementation was initially added in version 0.9.0 of besu-native but was not utilized by Besu until version 0.9.2 in Besu 24.7.1. The issue is that there are EC points which may be crafted which are in the correct subgroup but are not on the curve and the besu-native gnark implementation was relying on subgroup checks to perform point-on-curve checks as well. The version of gnark-crypto used at the time did not do this check when performing subgroup checks. The result is that it was possible for Besu to give an incorrect result and fall out of consensus when executing one of these precompiles against a specially crafted input point. Additionally, homogenous Besu-only networks can potentially enshrine invalid state which would be incorrect and difficult to process with patched versions of besu which handle these calls correctly. The underlying defect has been patched in besu-native release 1.3.0. The fixed version of Besu is version 25.3.0. As a workaround for versions of Besu with the problem, the native precompile for altbn128 may be disabled in favor of the pure-java implementation. The pure java implementation is significantly slower, but does not have this consensus issue.
AI Analysis
Technical Summary
CVE-2025-30147 is a high-severity vulnerability affecting Hyperledger Besu's native cryptographic library component, besu-native, specifically versions from 0.9.0 up to but not including 1.3.0. Hyperledger Besu is an Ethereum client widely used in enterprise blockchain deployments. The vulnerability arises from a missing cryptographic verification step in the implementation of certain elliptic curve (EC) precompiles: ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles are critical for cryptographic operations on the bn254 curve, used in zero-knowledge proofs and other advanced cryptographic protocols within Ethereum. The besu-native library replaced an older, less performant cryptographic library with gnark-crypto's bn254 implementation starting in version 0.9.0. However, gnark-crypto at that time performed subgroup membership checks but did not verify that EC points were actually on the curve. This subtle but critical omission allowed crafted EC points that are in the correct subgroup but not on the curve to be accepted. Consequently, Besu could produce incorrect results when executing these precompiles, leading to consensus failures in the blockchain network. Such consensus bugs can cause network forks or invalid state transitions, which are particularly problematic for homogeneous Besu networks, as they may enshrine invalid blockchain states that patched clients cannot process correctly. The vulnerability was patched in besu-native 1.3.0 and Besu 25.3.0. As an interim mitigation, affected Besu versions can disable the native precompile implementation and revert to a pure Java implementation, which is slower but does not suffer from this consensus issue. The CVSS 4.0 score is 8.7 (high), reflecting the network attack vector, no required privileges or user interaction, and the high impact on integrity due to consensus failures. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations utilizing Hyperledger Besu in their blockchain infrastructure, this vulnerability poses a significant risk to the integrity and reliability of their distributed ledger systems. Consensus failures can lead to network forks, invalid transaction states, and potential loss of trust in the blockchain data. This is especially critical for financial institutions, supply chain consortia, and public sector entities relying on Besu for transparent and tamper-evident record-keeping. The inability to correctly validate cryptographic operations may disrupt smart contract executions and zero-knowledge proof verifications, potentially halting business processes or causing incorrect contract outcomes. Moreover, homogeneous Besu networks in Europe could face difficulties in upgrading or patching nodes without risking chain splits or data inconsistencies. The performance trade-off when switching to the pure Java implementation may impact transaction throughput and latency, affecting service levels. While no active exploitation is reported, the high severity and fundamental nature of the cryptographic flaw necessitate urgent attention to avoid operational disruptions and maintain compliance with data integrity standards.
Mitigation Recommendations
European organizations should prioritize upgrading to besu-native version 1.3.0 and Hyperledger Besu 25.3.0 or later, where the cryptographic checks have been correctly implemented. Until upgrades can be performed, disabling the native precompile implementation for altbn128 and reverting to the pure Java implementation is recommended to maintain consensus correctness, despite the performance penalty. Network operators should carefully coordinate upgrades across all nodes to prevent chain splits caused by mixed versions. Additionally, organizations should audit their blockchain states for inconsistencies that may have arisen from this vulnerability and consider replaying or reconciling transactions if invalid states are detected. Monitoring for updates from Hyperledger and related cryptographic libraries is essential to stay ahead of any emerging exploits. Implementing rigorous testing of blockchain consensus behavior after patching will help ensure network stability. Finally, organizations should review their cryptographic validation processes and consider integrating additional cryptographic verification layers or anomaly detection to catch malformed inputs that could exploit similar issues in the future.
Affected Countries
Germany, France, Netherlands, United Kingdom, Switzerland, Luxembourg, Belgium, Sweden
CVE-2025-30147: CWE-325: Missing Cryptographic Step in hyperledger besu-native
Description
Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles were reimplemented in besu-native using gnark-crypto's bn254 implementation, as the former implementation used a library which was no longer maintained and not sufficiently performant. The new gnark implementation was initially added in version 0.9.0 of besu-native but was not utilized by Besu until version 0.9.2 in Besu 24.7.1. The issue is that there are EC points which may be crafted which are in the correct subgroup but are not on the curve and the besu-native gnark implementation was relying on subgroup checks to perform point-on-curve checks as well. The version of gnark-crypto used at the time did not do this check when performing subgroup checks. The result is that it was possible for Besu to give an incorrect result and fall out of consensus when executing one of these precompiles against a specially crafted input point. Additionally, homogenous Besu-only networks can potentially enshrine invalid state which would be incorrect and difficult to process with patched versions of besu which handle these calls correctly. The underlying defect has been patched in besu-native release 1.3.0. The fixed version of Besu is version 25.3.0. As a workaround for versions of Besu with the problem, the native precompile for altbn128 may be disabled in favor of the pure-java implementation. The pure java implementation is significantly slower, but does not have this consensus issue.
AI-Powered Analysis
Technical Analysis
CVE-2025-30147 is a high-severity vulnerability affecting Hyperledger Besu's native cryptographic library component, besu-native, specifically versions from 0.9.0 up to but not including 1.3.0. Hyperledger Besu is an Ethereum client widely used in enterprise blockchain deployments. The vulnerability arises from a missing cryptographic verification step in the implementation of certain elliptic curve (EC) precompiles: ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles are critical for cryptographic operations on the bn254 curve, used in zero-knowledge proofs and other advanced cryptographic protocols within Ethereum. The besu-native library replaced an older, less performant cryptographic library with gnark-crypto's bn254 implementation starting in version 0.9.0. However, gnark-crypto at that time performed subgroup membership checks but did not verify that EC points were actually on the curve. This subtle but critical omission allowed crafted EC points that are in the correct subgroup but not on the curve to be accepted. Consequently, Besu could produce incorrect results when executing these precompiles, leading to consensus failures in the blockchain network. Such consensus bugs can cause network forks or invalid state transitions, which are particularly problematic for homogeneous Besu networks, as they may enshrine invalid blockchain states that patched clients cannot process correctly. The vulnerability was patched in besu-native 1.3.0 and Besu 25.3.0. As an interim mitigation, affected Besu versions can disable the native precompile implementation and revert to a pure Java implementation, which is slower but does not suffer from this consensus issue. The CVSS 4.0 score is 8.7 (high), reflecting the network attack vector, no required privileges or user interaction, and the high impact on integrity due to consensus failures. No known exploits are reported in the wild as of the publication date.
Potential Impact
For European organizations utilizing Hyperledger Besu in their blockchain infrastructure, this vulnerability poses a significant risk to the integrity and reliability of their distributed ledger systems. Consensus failures can lead to network forks, invalid transaction states, and potential loss of trust in the blockchain data. This is especially critical for financial institutions, supply chain consortia, and public sector entities relying on Besu for transparent and tamper-evident record-keeping. The inability to correctly validate cryptographic operations may disrupt smart contract executions and zero-knowledge proof verifications, potentially halting business processes or causing incorrect contract outcomes. Moreover, homogeneous Besu networks in Europe could face difficulties in upgrading or patching nodes without risking chain splits or data inconsistencies. The performance trade-off when switching to the pure Java implementation may impact transaction throughput and latency, affecting service levels. While no active exploitation is reported, the high severity and fundamental nature of the cryptographic flaw necessitate urgent attention to avoid operational disruptions and maintain compliance with data integrity standards.
Mitigation Recommendations
European organizations should prioritize upgrading to besu-native version 1.3.0 and Hyperledger Besu 25.3.0 or later, where the cryptographic checks have been correctly implemented. Until upgrades can be performed, disabling the native precompile implementation for altbn128 and reverting to the pure Java implementation is recommended to maintain consensus correctness, despite the performance penalty. Network operators should carefully coordinate upgrades across all nodes to prevent chain splits caused by mixed versions. Additionally, organizations should audit their blockchain states for inconsistencies that may have arisen from this vulnerability and consider replaying or reconciling transactions if invalid states are detected. Monitoring for updates from Hyperledger and related cryptographic libraries is essential to stay ahead of any emerging exploits. Implementing rigorous testing of blockchain consensus behavior after patching will help ensure network stability. Finally, organizations should review their cryptographic validation processes and consider integrating additional cryptographic verification layers or anomaly detection to catch malformed inputs that could exploit similar issues in the future.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-03-17T12:41:42.565Z
- Cisa Enriched
- true
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 682d9819c4522896dcbd8e07
Added to database: 5/21/2025, 9:08:41 AM
Last enriched: 7/5/2025, 9:54:50 AM
Last updated: 8/16/2025, 5:22:20 AM
Views: 33
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.