CVE-2025-52473: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in open-quantum-safe liboqs
Description
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang at optimization levels above -O0 (-O1, -O2, etc.). A proof-of-concept local attack exploits the information leaked by these secret-dependent branches to recover the entire secret key. This vulnerability is fixed in 0.14.0.
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-06-17T02:28:39.717Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68700df4a83201eaaca957d5
Added to database: 7/10/2025, 7:01:08 PM
Last updated: 7/10/2025, 7:01:08 PM