CVE-2025-69287
📋 TL;DR
This vulnerability in the BSV Blockchain SDK allows authentication bypass due to incorrect signature data preparation in BRC-104 mutual authentication. It affects applications using the TypeScript SDK for BSV Blockchain development prior to version 2.0.0. The flaw causes signature incompatibility between SDK implementations, potentially enabling attackers to bypass authentication checks.
💻 Affected Systems
- BSV Blockchain TypeScript SDK
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could bypass mutual authentication between peers, potentially gaining unauthorized access to blockchain applications or services.
Likely Case
Cross-implementation authentication failures between TypeScript and Go/Python SDKs, disrupting application functionality.
If Mitigated
Authentication failures are detected and logged, preventing unauthorized access but causing service disruption.
🎯 Exploit Status
Exploitation requires understanding of BRC-104 protocol and ability to manipulate authentication flows.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0
Vendor Advisory: https://github.com/bsv-blockchain/ts-sdk/security/advisories/GHSA-vjpq-xx5g-qvmm
Restart Required: Yes
Instructions:
1. Update package.json to use @bsv/sdk version 2.0.0 or higher
2. Run npm update @bsv/sdk
3. Restart all affected applications
4. Test BRC-104 authentication functionality
🔧 Temporary Workarounds
Disable BRC-104 Authentication
Temporarily disable the BRC-104 mutual authentication feature until patched
Modify application configuration to disable BRC-104 authentication
🧯 If You Can't Patch
- Implement an additional authentication layer (e.g., API keys, IP whitelisting)
- Monitor authentication logs for suspicious patterns and failed attempts
🔍 How to Verify
Check if Vulnerable:
Check package.json for @bsv/sdk version below 2.0.0 and verify BRC-104 authentication is enabled
Check Version:
npm list @bsv/sdk
Verify Fix Applied:
Confirm @bsv/sdk version is 2.0.0+ and test BRC-104 authentication with other SDK implementations
📡 Detection & Monitoring
Log Indicators:
- Failed BRC-104 authentication attempts
- Signature validation errors
- Cross-SDK authentication mismatches
Network Indicators:
- Unexpected authentication protocol deviations
- Abnormal peer connection patterns
SIEM Query:
source="application_logs" AND ("BRC-104" OR "authentication failed" OR "signature mismatch")