CVE-2025-7396

{"id": "CVE-2025-7396", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}], "cvssMetricV40": [{"type": "Secondary", "source": "facts@wolfssl.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.6, "Automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:P/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-18T23:15:23.797", "references": [{"url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025", "tags": ["Release Notes"], "source": "facts@wolfssl.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-385"}]}], "descriptions": [{"lang": "en", "value": "In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is only for the base C implementation of Curve25519. It is not needed, or available with; ARM assembly builds, Intel assembly builds, and the small Curve25519 feature. While the side-channel attack on extracting a private key would be very difficult to execute in practice, enabling blinding provides an additional layer of protection for devices that may be more susceptible to physical access or side-channel observation."}, {"lang": "es", "value": "En la versi\u00f3n 5.8.2 de wolfSSL, la compatibilidad con el cegamiento est\u00e1 activada por defecto para Curve25519 en las compilaciones aplicables. La opci\u00f3n de configuraci\u00f3n de cegamiento solo est\u00e1 disponible para la implementaci\u00f3n b\u00e1sica de Curve25519 en C. No es necesaria ni est\u00e1 disponible con compilaciones de ensamblaje ARM, compilaciones de ensamblaje Intel ni con la funci\u00f3n peque\u00f1a de Curve25519. Si bien el ataque de canal lateral para extraer una clave privada ser\u00eda muy dif\u00edcil de ejecutar en la pr\u00e1ctica, habilitar el cegamiento proporciona una capa adicional de protecci\u00f3n para dispositivos que podr\u00edan ser m\u00e1s susceptibles al acceso f\u00edsico o a la observaci\u00f3n de canal lateral."}], "lastModified": "2025-12-03T15:25:26.673", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wolfssl:wolfssl:5.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9A77590-75C8-4CF5-A5C6-4A8A1249E9FF"}], "operator": "OR"}]}], "sourceIdentifier": "facts@wolfssl.com"}