CVE-2025-57801

9.1 CRITICAL

📋 TL;DR

This vulnerability in gnark's in-circuit signature verification allows signature malleability: the signature scalar S is not constrained to the canonical range 0 ≤ S < order, so multiple distinct witnesses can satisfy the same public inputs. It primarily affects systems that use gnark's EdDSA or ECDSA circuits to derive nullifiers or anti-replay checks from the signature, where a malleated signature can enable double spending. All gnark versions before 0.14.0 are affected.

💻 Affected Systems

Products:
  • gnark
Versions: All versions prior to 0.14.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using gnark's EdDSA or ECDSA circuits with signature-derived nullifiers or anti-replay checks.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Double spending attacks in cryptocurrency or payment systems, financial losses, and protocol integrity compromise.

🟠 Likely Case: Signature malleability enabling replay attacks or bypassing anti-replay mechanisms in affected applications.

🟢 If Mitigated: Limited impact if systems don't use signature-derived nullifiers or have additional validation layers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of zero-knowledge proofs and signature malleability techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.14.0

Vendor Advisory: https://github.com/Consensys/gnark/security/advisories/GHSA-95v9-hv42-pwrj

Restart Required: No

Instructions:

1. Update gnark to version 0.14.0 or later.
2. Run 'go get github.com/consensys/gnark@v0.14.0'.
3. Rebuild and redeploy applications using gnark.

🔧 Temporary Workarounds

Manual signature validation

Applies to: all

Add custom constraints asserting 0 ≤ S < order (the subgroup order of the signature curve) on the signature's S component inside the verification circuit.

Implement these constraints in the EdDSA/ECDSA circuit verification logic so that only the canonical encoding of S is accepted as a witness.
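As an added illustration (not gnark code and not part of the advisory), the following toy Schnorr-style scheme over a prime-order subgroup of Z_p*, with constructed parameters, models the circuit-side problem: S is consumed as a scalar, so S and S + order map to the same group element, a verifier without a bound on S accepts both, and a nullifier derived from S changes. The hardened verifier adds the 0 ≤ S < order check described above.

```python
import hashlib

# Constructed toy parameters: p = 2*L + 1 with p and L both prime, so the
# quadratic residues of Z_p* form a subgroup of prime order L (the "curve order").
P = 1019
L = 509
G = 4  # a quadratic residue != 1, hence a generator of the order-L subgroup

def hash_to_scalar(r: int, msg: str) -> int:
    """Fiat-Shamir challenge e = H(R, m) reduced into the scalar range."""
    h = hashlib.sha256(f"{r}|{msg}".encode()).digest()
    return int.from_bytes(h, "big") % L

def sign(x: int, msg: str, k: int) -> tuple[int, int]:
    """Schnorr-style signature (R, S) with secret x and nonce k (passed in for determinism)."""
    r = pow(G, k, P)
    e = hash_to_scalar(r, msg)
    return r, (k + e * x) % L

def verify_unchecked(y: int, msg: str, r: int, s: int) -> bool:
    """Vulnerable pattern: S is used as a scalar with no bound on its size.
    Because G has order L, any S' = S + t*L yields the same group element and passes."""
    e = hash_to_scalar(r, msg)
    return pow(G, s, P) == (r * pow(y, e, P)) % P

def verify_checked(y: int, msg: str, r: int, s: int) -> bool:
    """Hardened verifier: the extra constraint 0 <= S < L makes S canonical,
    which is what the workaround above adds in-circuit."""
    if not 0 <= s < L:
        return False
    return verify_unchecked(y, msg, r, s)

def nullifier(r: int, s: int) -> str:
    """Application-level nullifier derived from the signature encoding, the
    pattern that turns malleability into a double spend."""
    return hashlib.sha256(f"{r}|{s}".encode()).hexdigest()

def demo() -> dict:
    x = 123                      # constructed secret key
    y = pow(G, x, P)             # public key
    r, s = sign(x, "spend-1", k=77)
    s_malleated = s + L          # same residue mod L, different encoding
    return {
        "original_accepted": verify_unchecked(y, "spend-1", r, s),
        "malleated_accepted_unchecked": verify_unchecked(y, "spend-1", r, s_malleated),
        "malleated_accepted_checked": verify_checked(y, "spend-1", r, s_malleated),
        "nullifiers_differ": nullifier(r, s) != nullifier(r, s_malleated),
    }
```

In a real circuit the same effect arises because the SNARK's scalar field is larger than the signature curve's subgroup order, so S + order is still a valid field element unless the range constraint rejects it.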

🧯 If You Can't Patch

  • Implement additional validation layers outside gnark circuits
  • Monitor for duplicate nullifiers or replay attempts in application logic

🔍 How to Verify

Check if Vulnerable:

You are affected if you use a gnark version below 0.14.0 and your EdDSA/ECDSA circuits derive nullifiers or anti-replay checks from the signature.

Check Version:

go list -m github.com/consensys/gnark

Verify Fix Applied:

Confirm the gnark version is 0.14.0 or later, then test that signature verification rejects non-canonical S values (S ≥ order).

📡 Detection & Monitoring

Log Indicators:

  • Multiple successful verifications with the same public inputs
  • Duplicate nullifier usage

Network Indicators:

  • Repeated transactions with similar signatures
  • Unusual verification patterns

SIEM Query:

Search for duplicate transaction IDs or nullifiers in application logs
