CVE-2025-64767: CWE-323: Reusing a Nonce, Key Pair in Encryption in dajiaji hpke-js
hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal() calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. This issue has been patched in version 1.7.5.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-64767 affects hpke-js, a JavaScript library implementing Hybrid Public Key Encryption (HPKE) on top of the Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API suffers from a race condition that causes the reuse of the same AEAD nonce for multiple encryption operations. In AEAD schemes, nonce reuse with the same key is a critical cryptographic flaw that can lead to catastrophic failures, including the ability for attackers to decrypt ciphertexts or forge messages, thereby completely compromising confidentiality and integrity. The race condition likely arises from concurrent Seal() calls sharing state without proper synchronization, causing nonce values to collide. This vulnerability is remotely exploitable without any privileges or user interaction, making it highly dangerous. The CVSS v3.1 score is 9.1 (critical), reflecting the high impact and ease of exploitation. The issue was publicly disclosed and patched in hpke-js version 1.7.5. No known exploits have been reported in the wild yet, but the severity and nature of the flaw make it a prime target for attackers. Organizations relying on hpke-js for secure communications or data protection should urgently update to the patched version to prevent potential data breaches or message tampering.
Potential Impact
For European organizations, the impact of this vulnerability is severe. Any system using vulnerable versions of hpke-js for encrypting sensitive communications or data is at risk of having encrypted messages decrypted or altered by attackers, leading to loss of confidentiality and integrity. This can result in exposure of personal data protected under GDPR, intellectual property theft, fraud, or disruption of secure communications. Sectors such as finance, healthcare, government, and critical infrastructure that rely on secure messaging or cryptographic protections are particularly vulnerable. The vulnerability's remote exploitability and lack of need for authentication increase the risk of widespread exploitation. Additionally, compromised cryptographic assurances can undermine trust in digital services and lead to regulatory penalties if data breaches occur. The absence of known exploits currently provides a window for proactive mitigation, but the critical nature demands immediate action.
Mitigation Recommendations
The primary mitigation is to upgrade all instances of hpke-js to version 1.7.5 or later, where the race condition and nonce reuse issue have been fixed. Organizations should audit their codebases and dependencies to identify any usage of hpke-js and verify the version in use. For environments where immediate upgrade is not feasible, implementing strict concurrency controls around Seal() calls to prevent simultaneous invocations may reduce risk temporarily, though this is not a substitute for patching. Additionally, organizations should monitor network traffic and logs for anomalous patterns that could indicate exploitation attempts. Incorporating cryptographic best practices such as key rotation and layered encryption can also help limit exposure. Finally, informing development teams about safe usage patterns and the importance of timely updates is critical to prevent recurrence.
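The analysis above attributes the flaw to concurrent Seal() calls sharing unsynchronized state, and the mitigation section suggests serializing Seal() calls as a stopgap. The following is an added illustration of that pattern, not hpke-js's own code and not verified against its source: a toy sender context using the RFC 9180 nonce schedule (nonce = base_nonce XOR seq, then seq += 1), the racy and fixed orderings of the counter update, and a serializing wrapper. ToySender, sealRacy, sealFixed, serialize and the sample base nonce are hypothetical or constructed.

```javascript
// Added example, not hpke-js code: models how yielding between deriving the
// nonce and advancing seq lets concurrent seal() calls reuse a nonce, and two
// ways to prevent it. Names are hypothetical.
// Constructed sample base nonce; a real context derives it from the key schedule.
const SAMPLE_BASE_NONCE = Uint8Array.from([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12]);

// RFC 9180 ComputeNonce: XOR the big-endian sequence number into base_nonce.
function computeNonce(baseNonce, seq) {
  const nonce = Uint8Array.from(baseNonce);
  let s = seq;
  for (let i = nonce.length - 1; i >= 0 && s > 0; i--) {
    nonce[i] ^= s & 0xff;
    s = Math.floor(s / 256);
  }
  return nonce;
}

class ToySender {
  constructor(baseNonce) { this.baseNonce = baseNonce; this.seq = 0; }
  // Racy: the nonce is derived from this.seq, then control yields (as when
  // awaiting crypto.subtle.encrypt) before seq advances, so every call that
  // starts before the first one resumes derives the same nonce.
  async sealRacy() {
    const nonce = computeNonce(this.baseNonce, this.seq);
    await Promise.resolve(); // stands in for the async AEAD call
    this.seq += 1;
    return nonce;
  }
  // Fixed: reserve the sequence number synchronously, before any await.
  async sealFixed() {
    const seq = this.seq++;
    const nonce = computeNonce(this.baseNonce, seq);
    await Promise.resolve();
    return nonce;
  }
}

// Interim mitigation named in the advisory: run seal() calls one at a time.
function serialize(fn) {
  let tail = Promise.resolve();
  return (...args) => {
    const run = tail.then(() => fn(...args));
    tail = run.catch(() => {});
    return run;
  };
}

// Launch n seals concurrently and count the distinct nonces they produced.
async function distinctNonces(sealFn, n) {
  const nonces = await Promise.all(Array.from({ length: n }, () => sealFn()));
  return new Set(nonces.map((u) => Array.from(u).join(','))).size;
}
```

With eight concurrent calls, sealRacy yields a single nonce for all eight messages, while sealFixed and the serialized wrapper each yield eight distinct nonces; an audit of a Seal() implementation should check that the counter is reserved before the first await.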
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T22:29:34.877Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6920b65f6ec873750a9f2a49
Added to database: 11/21/2025, 6:58:39 PM
Last enriched: 11/21/2025, 7:11:10 PM
Last updated: 11/22/2025, 4:00:17 AM