CVE-2025-59058: CWE-208: Observable Timing Discrepancy in junkurihara httpsig-rs
httpsig-rs is a Rust implementation of IETF RFC 9421 HTTP message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-59058 is a medium-severity vulnerability in the Rust library httpsig-rs, which implements HTTP message signatures as specified in IETF RFC 9421. Prior to version 0.0.19 the verifier checked an HS256 signature (HMAC-SHA256, the `hmac-sha256` algorithm in RFC 9421 terms) by recomputing the HMAC over the signature base and comparing it to the tag presented in the request with a comparison that was not timing-safe. Such a comparison returns as soon as it finds a mismatching byte, so the time it takes grows with the number of leading bytes the presented value shares with the correct tag.

An attacker who can submit requests and measure response latency can exploit this. Holding the message fixed and varying one byte of the presented signature at a time, the attacker looks for the candidate that makes the verifier run measurably longer; that candidate is the correct byte, and the attack proceeds to the next position. In the idealized case this takes at most 256 guesses per byte, on the order of 256 x 32 queries for a 32-byte tag rather than 2^256; in practice many samples per candidate are needed to average out network jitter, which is why the attack complexity is rated high. What the attacker recovers is the valid tag for that one message, not the shared HMAC key, so each additional forged message requires repeating the attack; one forged message is nevertheless enough for the verifier to accept attacker-chosen content as authentic.

The vulnerability does not affect confidentiality or availability directly but undermines the integrity guarantee of signed HTTP messages. It is fixed in httpsig-rs 0.0.19 by a constant-time comparison that performs the same amount of work regardless of where the first difference lies. The CVSS v3.1 score is 5.9 (medium): the attack can be performed remotely without privileges or user interaction but requires precise timing measurements and many repeated attempts. No known exploits were reported in the wild as of the publication date (September 12, 2025).
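The following Rust program is an added example written for this page; it is not code from httpsig-rs and does not reproduce the library's internals. It places an early-exit byte comparison of the kind described above beside a constant-time one, and drives a simulated attacker that recovers a tag using only the information the early-exit compare leaks. The "oracle" here is the number of bytes the compare examined, an exact stand-in for the response latency a real attacker would have to measure noisily; the 32-byte secret tag is constructed rather than a real HMAC output.

```rust
// Added example, not httpsig-rs code: an early-exit byte comparison next to a
// constant-time one, plus a simulated attacker that recovers a MAC tag through
// the side channel the early-exit version leaks.

/// Early-exit comparison in the style of a naive `==` on byte slices.
/// Returns (equal, bytes_examined). `bytes_examined` stands in for the latency an
/// attacker would measure: every additional matching prefix byte costs one more step.
pub fn leaky_eq(expected: &[u8], presented: &[u8]) -> (bool, usize) {
    if expected.len() != presented.len() {
        return (false, 0);
    }
    let mut examined = 0;
    for (x, y) in expected.iter().zip(presented.iter()) {
        examined += 1;
        if x != y {
            return (false, examined);
        }
    }
    (true, examined)
}

/// Constant-time comparison: visits every byte regardless of where the first
/// difference is, folds the differences with OR, and uses black_box so the
/// optimizer cannot turn the fold back into an early exit.
pub fn ct_eq(expected: &[u8], presented: &[u8]) -> bool {
    if expected.len() != presented.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (x, y) in expected.iter().zip(presented.iter()) {
        diff |= std::hint::black_box(x ^ y);
    }
    std::hint::black_box(diff) == 0
}

/// Simulated attacker. It never reads `secret_tag` directly; it only learns how many
/// bytes the verifier's compare examined, which is what response latency leaks.
/// Returns the recovered tag and the number of verification queries it used.
pub fn recover_tag_via_oracle(secret_tag: &[u8]) -> (Vec<u8>, usize) {
    let n = secret_tag.len();
    let mut guess = vec![0u8; n];
    let mut queries = 0;
    for pos in 0..n {
        for candidate in 0u8..=255 {
            guess[pos] = candidate;
            queries += 1;
            let (eq, examined) = leaky_eq(secret_tag, &guess);
            // Correct byte at `pos`: either the whole tag matched, or the compare
            // went on to examine at least one byte beyond `pos`.
            if eq || examined > pos + 1 {
                break;
            }
        }
    }
    (guess, queries)
}

fn main() {
    // Constructed 32-byte "secret" tag standing in for HMAC-SHA256(key, signature base).
    let secret: Vec<u8> = (0..32u8).map(|i| i.wrapping_mul(37).wrapping_add(11)).collect();
    let (recovered, queries) = recover_tag_via_oracle(&secret);
    println!("recovered == secret: {}", recovered == secret);
    println!("queries used: {} (at most 256 * 32 = 8192)", queries);
    let mut tampered = secret.clone();
    tampered[31] ^= 1;
    println!("ct_eq(secret, tampered) = {}", ct_eq(&secret, &tampered));
}
```

With the exact oracle the attacker needs at most 8192 queries for a 32-byte tag. Against a real server each candidate must be sampled many times and the slowest selected, and rate limiting raises that cost further, but nothing short of a constant-time compare (in Rust, for instance `subtle::ConstantTimeEq` or `hmac::Mac::verify_slice`) removes the leak.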
Potential Impact
For European organizations running httpsig-rs versions prior to 0.0.19 in applications or services that verify HS256 HTTP message signatures, this vulnerability puts the integrity of signed HTTP communications at risk. The advisory scopes the issue to HMAC (HS256) verification; deployments that only verify asymmetric signatures are not described as affected. Where HS256 is in use, an attacker able to reach the verifying endpoint could forge a signature for a chosen message and thereby impersonate a legitimate client or server, bypass signature-based authentication, or inject requests that appear authentic. This could lead to unauthorized actions, data manipulation, or privilege escalation within affected systems. While confidentiality and availability are not directly impacted, the loss of integrity undermines trust in critical communication channels, especially in sectors such as finance, healthcare, and government where message authenticity is paramount. The medium CVSS score reflects that exploitation is non-trivial but feasible, and the absence of known exploits leaves a window for proactive mitigation. Given the increasing adoption of Rust in secure and performance-sensitive applications across Europe, organizations integrating httpsig-rs should assess their exposure promptly.
Mitigation Recommendations
1. Immediate upgrade: Upgrade httpsig-rs to version 0.0.19 or later, where the timing-safe comparison is implemented. This is the only measure that removes the leak; the remaining items reduce exposure or improve detection while the upgrade is rolled out.
2. Code audit: Review all applications and services that use httpsig-rs for HS256 signature verification to confirm the library version (including transitive dependencies) and how verification is invoked.
3. Rate limiting and anomaly detection: Apply rate limits on endpoints that verify signatures. The attack needs hundreds of guesses per tag byte, each sampled repeatedly to overcome network jitter, so limiting failed verifications per client raises its cost substantially, though it does not eliminate it.
4. Defence in depth: Where feasible, require an additional layer of authentication or message integrity verification so that a single forged HTTP message signature is not sufficient on its own.
5. Monitoring: Watch for patterns indicative of timing-attack probing, such as a single client generating a high volume of failed verifications against the same signed message with signature values that differ in only a few bytes.
6. Developer education: Train developers on timing attacks and the need for constant-time comparison of MACs and other secrets, so that custom code does not reintroduce the same class of flaw.
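The detection described in items 3 and 5 can be expressed as a simple aggregation over verification logs. The Rust program below is an added example for this page, not part of httpsig-rs or any product: it parses a constructed log format (timestamp, client, an identifier of the signed message, the presented signature, and the result; a real deployment would adapt the parser to its own logs) and flags any client that presented many distinct failing signatures for one fixed message within a short window. The window and threshold are illustrative assumptions.

```rust
// Added example, not httpsig-rs code: detection logic for timing-attack probing
// run over constructed signature-verification log lines.
use std::collections::{HashMap, HashSet};

/// One parsed verification record. The log format is constructed for this example.
#[derive(Debug, Clone)]
pub struct VerifyEvent {
    pub ts: u64,        // unix seconds
    pub client: String, // source address
    pub base: String,   // identifier of the signed message (e.g. hash of the signature base)
    pub sig: String,    // presented signature value (hex)
    pub ok: bool,
}

/// Parse a line like:
/// `1726140000 client=203.0.113.5 base=7f3a sig=a1b2c3d4 result=ok`
pub fn parse_line(line: &str) -> Option<VerifyEvent> {
    let mut parts = line.split_whitespace();
    let ts: u64 = parts.next()?.parse().ok()?;
    let (mut client, mut base, mut sig, mut ok) = (None, None, None, None);
    for kv in parts {
        let (k, v) = kv.split_once('=')?;
        match k {
            "client" => client = Some(v.to_string()),
            "base" => base = Some(v.to_string()),
            "sig" => sig = Some(v.to_string()),
            "result" => ok = Some(v == "ok"),
            _ => {}
        }
    }
    Some(VerifyEvent { ts, client: client?, base: base?, sig: sig?, ok: ok? })
}

/// Flag (client, base) pairs that presented more than `max_distinct` distinct failing
/// signatures for the same message within any `window` seconds. A legitimate client
/// fails a few times with a stale key or skewed clock; a timing probe fails hundreds
/// of times against one fixed message with signatures that differ in a few bytes.
/// Returns (client, base, peak distinct failing signatures), sorted.
pub fn detect_probing(events: &[VerifyEvent], window: u64, max_distinct: usize)
    -> Vec<(String, String, usize)> {
    let mut by_key: HashMap<(String, String), Vec<(u64, String)>> = HashMap::new();
    for e in events.iter().filter(|e| !e.ok) {
        by_key.entry((e.client.clone(), e.base.clone()))
            .or_default()
            .push((e.ts, e.sig.clone()));
    }
    let mut alerts = Vec::new();
    for ((client, base), mut fails) in by_key {
        fails.sort();
        let (mut start, mut peak) = (0, 0);
        for end in 0..fails.len() {
            // Slide the window start forward until it spans at most `window` seconds.
            while fails[end].0 - fails[start].0 > window {
                start += 1;
            }
            let distinct: HashSet<&str> =
                fails[start..=end].iter().map(|(_, s)| s.as_str()).collect();
            peak = peak.max(distinct.len());
        }
        if peak > max_distinct {
            alerts.push((client, base, peak));
        }
    }
    alerts.sort();
    alerts
}

/// Constructed sample log: one legitimate client with a stale signature, and one
/// probing client varying the first byte of the signature against a fixed message.
pub fn sample_log() -> Vec<String> {
    let mut lines = vec![
        "1726140000 client=203.0.113.5 base=7f3a sig=a1b2c3d4 result=ok".to_string(),
        "1726140005 client=203.0.113.5 base=9c1e sig=deadbeef result=fail".to_string(),
        "1726140006 client=203.0.113.5 base=9c1e sig=deadbeef result=fail".to_string(),
    ];
    for i in 0..40u32 {
        lines.push(format!(
            "{} client=198.51.100.7 base=7f3a sig={:02x}000000 result=fail",
            1726140100 + i, i
        ));
    }
    lines
}

/// Parse the sample log and run detection with a 60 s window and a threshold of 10.
pub fn run() -> Vec<(String, String, usize)> {
    let events: Vec<VerifyEvent> = sample_log().iter().filter_map(|l| parse_line(l)).collect();
    detect_probing(&events, 60, 10)
}

fn main() {
    for (client, base, n) in run() {
        println!("ALERT client={} base={} distinct_failing_sigs={}", client, base, n);
    }
}
```

Only the probing client is reported; the legitimate client's two failures reuse one signature and stay under the threshold. In production the same aggregation would run as a streaming query in the SIEM, and the alert would feed the rate limiter from item 3.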
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-08T16:19:26.173Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 9/12/2025, 1:17:17 PM
Last enriched: 9/12/2025, 1:18:13 PM
Last updated: 9/12/2025, 11:16:48 PM