← back
CVE-2025-62514

`libparsec_crypto` does not check for weak order point of curve 25519

CVSS 8.3 HIGHEPSS 0.3%CWE-1240CWE-327
In short

Parsec's cryptographic library fails to validate weak points in Curve25519 exchanges, allowing an attacker positioned between two users to forge a fake shared encryption key that appears legitimate to both parties, tricking them into trusting an unsafe connection.

Technical detail

CVE-2025-62514 involves insufficient validation of Curve25519 low-order points in the Diffie-Hellman key exchange within libparsec_crypto's RustCrypto backend. A MITM attacker can inject weak order points, causing both parties to derive identical shared secrets unknown to the attacker while bypassing SAS verification, affecting Parsec web deployments only.

Summary generated and translated by AI from the official description.
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected products
Scille · parsec-cloud

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/curve25519-dalek/src/montgomery.rs#L132-L146https://github.com/dalek-cryptography/curve25519-dalek/blob/8c53a8f10b146a2fd65069437e3576e49b390e7a/x25519-dalek/src/x25519.rs#L364-L366https://github.com/Scille/parsec-cloud/blob/e7c5cdbc4234f606ccf3ab2be7e9edc22db16feb/libparsec/crates/crypto/src/rustcrypto/private.rs#L136-L138https://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82b3d2995b2https://github.com/Scille/parsec-cloud/security/advisories/GHSA-hrc9-gm58-pgj9