CVE-2025-64767
📋 TL;DR
A race condition in hpke-js's SenderContext Seal() API allows re-use of AEAD nonces across multiple encryption calls, breaking cryptographic guarantees. This affects all applications using hpke-js versions before 1.7.5 for HPKE encryption. Attackers can potentially decrypt messages and forge encrypted content.
💻 Affected Systems
- hpke-js
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete loss of message confidentiality and integrity - attackers can decrypt all encrypted communications and inject forged messages without detection.
Likely Case
Partial message decryption and potential data manipulation in multi-threaded environments where Seal() is called concurrently.
If Mitigated
Limited impact with single-threaded usage or low concurrency, but cryptographic guarantees remain compromised.
🎯 Exploit Status
Exploitation requires timing attacks to trigger the race condition and cryptographic analysis to leverage the nonce reuse.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.7.5
Vendor Advisory: https://github.com/dajiaji/hpke-js/security/advisories/GHSA-73g8-5h73-26h4
Restart Required: No
Instructions:
1. Update hpke-js dependency to version 1.7.5 or later.
2. Run 'npm update hpke-js' or 'yarn upgrade hpke-js'.
3. Rebuild and redeploy application.
4. No server restart needed for pure JavaScript applications.
🔧 Temporary Workarounds
Implement external nonce management
Add application-level locking to ensure sequential Seal() calls
// Implement mutex or queue system around Seal() calls
// Ensure single-threaded execution of encryption operations
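One way to build the queue described in this workaround, as an added example rather than code from hpke-js or its advisory. StandInSenderContext is a constructed stand-in that models a nonce counter read before an await and incremented after it; SerializedSealer is a hypothetical wrapper that assumes only that the wrapped object exposes an async seal() method.

```javascript
// Constructed stand-in for a sender context (NOT hpke-js source). It models the
// race described above: the nonce comes from a sequence counter that is read
// before an await and incremented after it.
class StandInSenderContext {
  constructor() { this.seq = 0; }
  async seal(plaintext) {
    const nonce = this.seq;                       // read the counter
    await new Promise((r) => setTimeout(r, 1));   // stands in for the async AEAD call
    this.seq = nonce + 1;                         // increment only after the await
    return { nonce, plaintext };
  }
}

// Hypothetical wrapper: queues seal() calls on a promise chain so each call
// starts only after the previous one has settled. Every caller must go through it.
class SerializedSealer {
  constructor(ctx) { this.ctx = ctx; this.tail = Promise.resolve(); }
  seal(...args) {
    const run = this.tail.then(() => this.ctx.seal(...args));
    this.tail = run.catch(() => {});  // a failed seal must not block the queue
    return run;                       // the caller still sees the rejection
  }
}

// Issues n overlapping seal() calls and returns how many distinct nonces were used.
async function distinctNonces(sealer, n) {
  const calls = Array.from({ length: n }, (_, i) => sealer.seal(`msg-${i}`));
  const results = await Promise.all(calls);
  return new Set(results.map((r) => r.nonce)).size;
}

// Compares direct overlapping calls with calls routed through the queue.
async function demo() {
  const direct = await distinctNonces(new StandInSenderContext(), 5);
  const queued = await distinctNonces(new SerializedSealer(new StandInSenderContext()), 5);
  return { direct, queued };
}

demo().then((r) => console.log(r));
```

The wrapper only protects a context if all code paths share the same SerializedSealer instance for it; a second wrapper around the same context, or a direct seal() call, bypasses the queue.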
🧯 If You Can't Patch
- Isolate vulnerable systems from untrusted networks
- Implement additional encryption layer (e.g., TLS) for all communications
🔍 How to Verify
Check if Vulnerable:
Check package.json or node_modules/hpke-js/package.json for version <1.7.5
Check Version:
npm list hpke-js | grep hpke-js
Verify Fix Applied:
Confirm version 1.7.5 or higher is installed and review code for concurrent Seal() calls
📡 Detection & Monitoring
Log Indicators:
- Multiple concurrent encryption operations
- Unexpected decryption failures or successes
Network Indicators:
- Unusual patterns in encrypted traffic
- Repeated nonce values in protocol analysis
SIEM Query:
Search for application logs containing 'hpke-js' version strings or encryption error messages