CVE-2025-58157 is a high-severity vulnerability affecting version 0.12.0 of Consensys' gnark, a zero-knowledge proof system framework widely used in cryptographic applications. The vulnerability is classified under CWE-400, indicating uncontrolled resource consumption. Specifically, the issue arises during scalar multiplication computations when using the fake-GLV algorithm. The algorithm fails to converge quickly enough for certain inputs, leading to excessive resource usage that can cause a denial of service (DoS). This means an attacker can craft inputs that cause the system to consume excessive CPU or memory resources, potentially rendering the gnark-based service unresponsive or crashing it. The vulnerability does not impact confidentiality or integrity but severely affects availability. It can be exploited remotely without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vendor has addressed this issue in version 0.13.0 by improving the convergence behavior of the fake-GLV algorithm, mitigating the risk of resource exhaustion. No known exploits are currently reported in the wild, but the ease of exploitation and the critical role of gnark in cryptographic proofs make this a significant threat for affected deployments.

For European organizations leveraging gnark 0.12.0 in blockchain, privacy-preserving applications, or cryptographic proof systems, this vulnerability poses a substantial risk to service availability. A successful DoS attack could disrupt critical operations relying on zero-knowledge proofs, such as confidential transactions, identity verification, or secure multiparty computations. This disruption could lead to operational downtime, loss of trust from clients or partners, and potential financial consequences. Given the increasing adoption of zero-knowledge proofs in European fintech, legal tech, and privacy-focused sectors, the impact could extend to regulatory compliance challenges if services become unavailable during critical periods. Furthermore, organizations providing zero-knowledge proof services as part of infrastructure or SaaS offerings may face reputational damage and customer churn if exploited.

European organizations should urgently upgrade gnark to version 0.13.0 or later, where the vulnerability has been patched. In addition, they should implement input validation and rate limiting on scalar multiplication requests to prevent abuse with malicious inputs that trigger the fake-GLV algorithm's slow convergence. Monitoring resource usage patterns and setting thresholds for CPU and memory consumption can help detect and mitigate ongoing attacks. Deploying gnark within containerized or sandboxed environments with resource quotas can limit the impact of potential DoS attempts. Organizations should also review their cryptographic workflows to identify any dependencies on vulnerable gnark versions and coordinate with vendors or internal teams to ensure timely patching. Finally, maintaining an incident response plan that includes DoS scenarios related to cryptographic components will improve resilience.