Skip to main content

CVE-2025-52473: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in open-quantum-safe liboqs

Medium
VulnerabilityCVE-2025-52473cvecve-2025-52473cwe-200
Published: Thu Jul 10 2025 (07/10/2025, 18:42:17 UTC)
Source: CVE Database V5
Vendor/Project: open-quantum-safe
Product: liboqs

Description

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0.

Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-06-17T02:28:39.717Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68700df4a83201eaaca957d5

Added to database: 7/10/2025, 7:01:08 PM

Last updated: 7/10/2025, 7:01:08 PM

Views: 1

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats