CVE-2025-57801 is a high-severity cryptographic signature verification vulnerability affecting versions of Consensys' gnark framework prior to 0.14.0. Gnark is a zero-knowledge proof system framework that supports native EdDSA and ECDSA signature circuits. The vulnerability arises from improper verification of the S value in cryptographic signatures within the Verify function in eddsa.go and ecdsa.go. Specifically, the code fails to assert that the signature component S satisfies the condition 0 ≤ S < order, which is a fundamental requirement to prevent signature malleability. Signature malleability allows multiple distinct signatures to be considered valid for the same message, undermining the uniqueness and integrity of signatures. In gnark's context, this is exacerbated because its native EdDSA and ECDSA circuits lack essential constraints, allowing multiple distinct witnesses to satisfy the same public inputs. This flaw can be exploited in protocols that derive nullifiers or anti-replay checks from the signature components R and S, enabling attackers to manipulate signatures to bypass replay protections or double spend tokens. The vulnerability does not require authentication or user interaction to exploit but requires local access (AV:L) to the vulnerable system. The CVSS 4.0 score is 8.6 (high), reflecting the high impact on confidentiality and integrity, with limited availability impact. The issue was addressed in gnark version 0.14.0 by adding proper constraints and verification checks on the S value to prevent malleability. No known exploits are currently reported in the wild.

For European organizations leveraging gnark for zero-knowledge proof implementations—particularly in blockchain, privacy-preserving protocols, or cryptographic applications—this vulnerability poses a significant risk. Exploitation could allow attackers to forge or manipulate signatures, leading to double spending or replay attacks in financial or identity systems. This undermines trust in cryptographic guarantees, potentially causing financial losses, regulatory non-compliance (especially under GDPR if data integrity is compromised), and reputational damage. Given the growing adoption of zero-knowledge proofs in privacy-sensitive sectors such as finance, healthcare, and government services in Europe, the impact could be widespread. The vulnerability could also affect interoperability and security of cross-border transactions and services relying on gnark-based proofs. Although no exploits are known yet, the high severity and ease of exploitation without authentication suggest that threat actors could develop attacks rapidly once the vulnerability is public knowledge.

European organizations using gnark should immediately upgrade to version 0.14.0 or later, where the vulnerability is fixed. Beyond upgrading, organizations should audit their use of gnark’s EdDSA and ECDSA circuits to ensure that signature verification is correctly implemented and that no custom modifications reintroduce malleability risks. It is advisable to implement additional application-layer checks for signature uniqueness and replay protection, such as maintaining nonce or nullifier state independently of signature components. Security teams should conduct thorough code reviews and penetration testing focusing on signature handling and zero-knowledge proof validation. Monitoring for anomalous transaction patterns indicative of double spending or replay attacks should be enhanced. For critical systems, consider isolating gnark-based components and applying strict access controls to limit local exploitation opportunities. Finally, maintain awareness of updates from Consensys and the gnark project for any further patches or advisories.