CVE-2025-48946: CWE-327: Use of a Broken or Risky Cryptographic Algorithm in open-quantum-safe liboqs
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit rejection value. Currently, no concrete attack on the algorithm is known. However, prospective users of HQC must take extra care when using the algorithm in protocols involving key derivation. In particular, HQC does not provide the same security guarantees as Kyber or ML-KEM. There is currently no patch for the HQC flaw available in liboqs, so HQC is disabled by default in liboqs starting from version 0.13.0. OQS will update its implementation after the HQC team releases an updated algorithm specification.
AI Analysis
Technical Summary
CVE-2025-48946 identifies a cryptographic vulnerability in the open-quantum-safe project's liboqs library, specifically affecting versions prior to 0.13.0. liboqs is a C-language library designed to provide implementations of post-quantum cryptography algorithms, which are intended to be secure against attacks from quantum computers. The vulnerability concerns the HQC (Hamming Quasi-Cyclic) algorithm, which has a theoretical design flaw leading to a large number of malformed ciphertexts sharing the same implicit rejection value. This flaw means that the algorithm does not provide the expected level of security guarantees, particularly in protocols involving key derivation. Although no concrete attacks exploiting this flaw are currently known, the weakness implies that HQC's security assurances are weaker than those of other algorithms like Kyber or ML-KEM, which are also implemented in liboqs. Due to this, HQC has been disabled by default starting with liboqs version 0.13.0, pending an updated algorithm specification from the HQC team. The vulnerability is classified under CWE-327, which relates to the use of broken or risky cryptographic algorithms. The CVSS v3.1 score is 3.7 (low severity), reflecting the low likelihood of exploitation and limited impact on confidentiality, integrity, and availability. No patches are currently available, and no known exploits exist in the wild. Users of liboqs are advised to avoid using the HQC algorithm in security-critical applications, especially those involving key derivation, until a secure update is released.
Potential Impact
For European organizations, the impact of this vulnerability is currently limited but should not be ignored. Organizations experimenting with or deploying post-quantum cryptography solutions using liboqs versions prior to 0.13.0 and specifically enabling the HQC algorithm may face risks related to weakened cryptographic assurances. This could potentially lead to subtle cryptographic failures or reduced resistance to future cryptanalysis, undermining the confidentiality of sensitive communications or key material. However, since no active exploits or practical attacks are known, immediate risk is low. The main concern is for organizations involved in research, development, or early adoption of post-quantum cryptographic protocols, such as governmental agencies, financial institutions, and critical infrastructure operators who prioritize quantum-resistant security. The flaw could delay the secure deployment of post-quantum cryptography, impacting long-term cryptographic agility strategies. Given the growing interest in quantum-safe cryptography in Europe, especially within the EU's cybersecurity initiatives, this vulnerability highlights the importance of cautious algorithm selection and staying current with library updates.
Mitigation Recommendations
European organizations should take the following specific actions:
1) Immediately audit their cryptographic libraries and protocols to identify any use of liboqs versions prior to 0.13.0 and check if the HQC algorithm is enabled.
2) Disable the HQC algorithm in all deployments until a secure update or revised algorithm specification is released by the HQC team.
3) Prefer alternative post-quantum algorithms with stronger security guarantees such as Kyber or ML-KEM, which are supported by liboqs and do not exhibit this flaw.
4) Monitor the open-quantum-safe project and HQC team communications for updates and patches, planning timely upgrades to liboqs 0.13.0 or later.
5) For organizations developing custom protocols, conduct thorough cryptographic reviews to avoid relying on HQC for key derivation or other critical operations.
6) Engage with cryptographic experts to assess the impact of this vulnerability on ongoing quantum-safe initiatives and adjust risk management accordingly.
7) Incorporate this vulnerability into supply chain risk assessments, ensuring third-party vendors are not using vulnerable versions of liboqs with HQC enabled.
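As an added example for audit step 1 (not from the advisory or the liboqs project), a POSIX shell helper that reads an installed liboqs build's generated oqsconfig.h, reports the version, and flags builds older than 0.13.0 that have HQC compiled in. It assumes the header defines OQS_VERSION_TEXT and OQS_ENABLE_KEM_HQC / OQS_ENABLE_KEM_hqc_* as in the liboqs CMake template; the three sample headers are constructed.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or the liboqs project): classify an
# installed liboqs build from its generated oqsconfig.h. Assumes the header
# carries OQS_VERSION_TEXT and, when HQC is compiled in, OQS_ENABLE_KEM_HQC
# and per-parameter-set OQS_ENABLE_KEM_hqc_* defines.

# Print the version string declared in an oqsconfig.h (e.g. 0.12.0).
oqs_version() {
  sed -n 's/^#define OQS_VERSION_TEXT "\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed (exit 0) when major.minor of "$1" is older than 0.13.
version_before_0_13() {
  echo "$1" | awk -F. '{ exit !($1 + 0 == 0 && $2 + 0 < 13) }'
}

# AT_RISK: pre-0.13.0 build with HQC compiled in (the CVE's affected state).
# HQC_ENABLED: 0.13.0 or later but HQC explicitly re-enabled (still unpatched).
# OK: HQC not built in at all.
audit_oqsconfig() {
  ver=$(oqs_version "$1")
  if grep -Eq '^#define OQS_ENABLE_KEM_(HQC|hqc_[0-9]+) ' "$1"; then
    if version_before_0_13 "$ver"; then echo AT_RISK; else echo HQC_ENABLED; fi
  else
    echo OK
  fi
}

# Constructed sample headers standing in for three installed builds.
tmp=$(mktemp -d)
printf '#define OQS_VERSION_TEXT "0.12.0"\n#define OQS_ENABLE_KEM_HQC 1\n#define OQS_ENABLE_KEM_hqc_128 1\n' > "$tmp/old.h"
printf '#define OQS_VERSION_TEXT "0.13.0"\n#define OQS_ENABLE_KEM_ML_KEM 1\n' > "$tmp/default.h"
printf '#define OQS_VERSION_TEXT "0.13.0"\n#define OQS_ENABLE_KEM_HQC 1\n' > "$tmp/reenabled.h"

for f in "$tmp"/*.h; do
  printf '%s: liboqs %s -> %s\n' "$(basename "$f")" "$(oqs_version "$f")" "$(audit_oqsconfig "$f")"
done
```

Point it at the real header (typically include/oqs/oqsconfig.h under the liboqs install prefix) to audit a deployed build; a HQC_ENABLED result means someone re-enabled the default-off option on 0.13.0 or later, which the advisory says is still unpatched.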
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-28T18:49:07.583Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683a06f1182aa0cae2bd9a38
Added to database: 5/30/2025, 7:28:49 PM
Last enriched: 7/8/2025, 1:43:57 PM
Last updated: 8/17/2025, 12:25:38 PM