{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-62514","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2025-10-15T15:03:28.134Z","datePublished":"2026-01-29T15:46:50.922Z","dateUpdated":"2026-01-29T21:29:03.456Z"},"containers":{"cna":{"title":"`libparsec_crypto` does not check for weak order point of curve 25519","problemTypes":[{"descriptions":[{"cweId":"CWE-327","lang":"en","description":"CWE-327: Use of a Broken or Risky Cryptographic Algorithm","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-1240","lang":"en","description":"CWE-1240: Use of a Cryptographic Primitive with a Risky Implementation","type":"CWE"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":8.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","version":"3.1"}}],"references":[{"name":"https://github.com/Scille/parsec-cloud/security/advisories/GHSA-hrc9-gm58-pgj9","tags":["x_refsource_CONFIRM"],"url":"https://github.com/Scille/parsec-cloud/security/advisories/GHSA-hrc9-gm58-pgj9"},{"name":"https://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82b3d2995b2","tags":["x_refsource_MISC"],"url":"https://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82b3d2995b2"},{"name":"https://github.com/Scille/parsec-cloud/blob/e7c5cdbc4234f606ccf3ab2be7e9edc22db16feb/libparsec/crates/crypto/src/rustcrypto/private.rs#L136-L138","tags":["x_refsource_MISC"],"url":"https://github.com/Scille/parsec-cloud/blob/e7c5cdbc4234f606ccf3ab2be7e9edc22db16feb/libparsec/crates/crypto/src/rustcrypto/private.rs#L136-L138"},{"name":"https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/curve25519-dalek/src/montgomery.rs#L132-L146","tags":["x_refsource_MISC"],"url":"https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/curve25519-dalek/src/montgomery.rs#L132-L146"},{"name":"https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/x25519-dalek/src/x25519.rs#L364-L366","tags":["x_refsource_MISC"],"url":"https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/x25519-dalek/src/x25519.rs#L364-L366"}],"affected":[{"vendor":"Scille","product":"parsec-cloud","versions":[{"version":">= 3.0.0-alpha, < 3.6.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-01-29T15:46:50.922Z"},"descriptions":[{"lang":"en","value":"Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue."}],"source":{"advisory":"GHSA-hrc9-gm58-pgj9","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-29T21:28:52.658721Z","id":"CVE-2025-62514","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-29T21:29:03.456Z"}}]}}