CVE-2025-64767
- Source
- https://cve.org/CVERecord?id=CVE-2025-64767
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-64767.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-64767
- Aliases
- Published
- 2025-11-21T18:47:19.930Z
- Modified
- 2026-04-02T13:03:36.946116Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- hpke-js reuses AEAD nonces
- Details
-
hpke-js is a Hybrid Public Key Encryption (HPKE) module built on top of Web Cryptography API. Prior to version 1.7.5, the public SenderContext Seal() API has a race condition which allows for the same AEAD nonce to be re-used for multiple Seal() calls. This can lead to complete loss of Confidentiality and Integrity of the produced messages. This issue has been patched in version 1.7.5.
- Database specific
{ "cwe_ids": [ "CWE-323" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64767.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/dajiaji/hpke-js/blob/b7fd3592c7c08660c98289d67c6bb7f891af75c4/packages/core/src/senderContext.ts#L22-L34
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/64xxx/CVE-2025-64767.json
- https://github.com/dajiaji/hpke-js/security/advisories/GHSA-73g8-5h73-26h4
- https://nvd.nist.gov/vuln/detail/CVE-2025-64767
- https://github.com/dajiaji/hpke-js/commit/94a767c9b9f37ce48d5cd86f7017d8cacd294aaf
Affected packages
Git / github.com/dajiaji/hpke-js
Affected ranges
- Type
- GIT
- Repo
- https://github.com/dajiaji/hpke-js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.12.0
0.12.1
0.13.0
0.17.2
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.18.5
0.19.0
0.20.0
0.21.0
0.22.0
0.22.1
0.22.2
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.1.0
1.1.1
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.1
1.4.0
1.4.2
1.4.3
1.5.0
1.6.0
1.6.1
@hpke/chacha20poly1305@1.*
@hpke/chacha20poly1305@1.7.1
@hpke/common@1.*
@hpke/common@1.8.0
@hpke/common@1.8.1
@hpke/core@1.*
@hpke/core@1.7.4
@hpke/dhkem-secp256k1@1.*
@hpke/dhkem-secp256k1@1.6.4
@hpke/dhkem-x25519@1.*
@hpke/dhkem-x25519@1.6.4
@hpke/dhkem-x448@1.*
@hpke/dhkem-x448@1.6.4
@hpke/dhkem-x448@1.6.4-1
@hpke/hybridkem-x-wing@0.*
@hpke/hybridkem-x-wing@0.6.1
@hpke/ml-kem@0.*
@hpke/ml-kem@0.2.1
chacha20poly1305/1.*
chacha20poly1305/1.6.2
chacha20poly1305/1.6.3
chacha20poly1305/1.7.0
common/1.*
common/1.6.1
common/1.7.0
common/1.7.1
common/1.7.2
common/1.7.3
core/1.*
core/1.7.0
core/1.7.1
core/1.7.2
core/1.7.3
dhkem-secp256k1/1.*
dhkem-secp256k1/1.6.2
dhkem-secp256k1@1.*
dhkem-secp256k1@1.6.3
dhkem-x/1.*
dhkem-x/1.6.2
dhkem-x25519/1.*
dhkem-x25519/1.6.3
dhkem-x448/1.*
dhkem-x448/1.6.3
hpke-js/1.*
hpke-js/1.6.2
hpke-js/1.6.3
hpke-js@1.*
hpke-js@1.6.4
hybridkem-x-wing/0.*
hybridkem-x-wing/0.3.0
hybridkem-x-wing/0.4.0
hybridkem-x-wing/0.5.0
hybridkem-x-wing/0.5.1
hybridkem-x-wing/0.5.2
hybridkem-x-wing@0.*
hybridkem-x-wing@0.6.0
ml-kem/0.*
ml-kem/0.1.0
ml-kem/0.1.1
ml-kem/0.2.0
v0.*
v0.10.0
v0.10.1
v0.10.2
v0.11.0
v0.11.1
v0.11.2
v0.11.3
v0.11.4
v0.11.5
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.18.1
v0.18.2
v0.18.3
v0.18.4
v0.18.5
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.9.1