CWE-208
AllowedObservable Timing Discrepancy
Abstraction: Base · Status: Incomplete
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
306 vulnerabilities reference this CWE, most recent first.
CVE-2025-46570 (GCVE-0-2025-46570)
Vulnerability from cvelistv5 – Published: 2025-05-29 16:32 – Updated: 2025-05-29 18:05- CWE-208 - Observable Timing Discrepancy
| URL | Tags |
|---|---|
| https://github.com/vllm-project/vllm/security/adv… | x_refsource_CONFIRM |
| https://github.com/vllm-project/vllm/pull/17045 | x_refsource_MISC |
| https://github.com/vllm-project/vllm/commit/77073… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| vllm-project | vllm |
Affected:
< 0.9.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46570",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-29T18:04:57.706360Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T18:05:10.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "vllm",
"vendor": "vllm-project",
"versions": [
{
"status": "affected",
"version": "\u003c 0.9.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences caused by matching chunks are significant enough to be recognized and exploited. This issue has been patched in version 0.9.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T16:32:42.794Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4qjh-9fv9-r85r"
},
{
"name": "https://github.com/vllm-project/vllm/pull/17045",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vllm-project/vllm/pull/17045"
},
{
"name": "https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vllm-project/vllm/commit/77073c77bc2006eb80ea6d5128f076f5e6c6f54f"
}
],
"source": {
"advisory": "GHSA-4qjh-9fv9-r85r",
"discovery": "UNKNOWN"
},
"title": "vLLM\u2019s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-46570",
"datePublished": "2025-05-29T16:32:42.794Z",
"dateReserved": "2025-04-24T21:10:48.175Z",
"dateUpdated": "2025-05-29T18:05:10.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43754 (GCVE-0-2025-43754)
Vulnerability from cvelistv5 – Published: 2025-08-21 17:10 – Updated: 2025-08-21 20:01- CWE-208 - Observable Timing Discrepancy
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T20:01:22.248023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T20:01:35.878Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Portal",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.3.132",
"status": "affected",
"version": "7.4.0",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "DXP",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.13-u92",
"status": "affected",
"version": "7.4.13",
"versionType": "maven"
},
{
"lessThanOrEqual": "2024.Q1.14",
"status": "affected",
"version": "2024.Q1.1",
"versionType": "maven"
},
{
"lessThanOrEqual": "2023.Q2.13",
"status": "affected",
"version": "2024.Q2.0",
"versionType": "maven"
},
{
"lessThanOrEqual": "2024.Q3.13",
"status": "affected",
"version": "2024.Q3.1",
"versionType": "maven"
},
{
"lessThanOrEqual": "2024.Q4.7",
"status": "affected",
"version": "2024.Q4.0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request."
}
],
"value": "Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exist in the application by inspecting the server processing time of the login request."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T17:10:45.305Z",
"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"shortName": "Liferay"
},
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43754"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3",
"assignerShortName": "Liferay",
"cveId": "CVE-2025-43754",
"datePublished": "2025-08-21T17:10:45.305Z",
"dateReserved": "2025-04-17T10:55:24.865Z",
"dateUpdated": "2025-08-21T20:01:35.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30344 (GCVE-0-2025-30344)
Vulnerability from cvelistv5 – Published: 2025-03-21 00:00 – Updated: 2025-03-21 15:08- CWE-208 - Observable Timing Discrepancy
| Vendor | Product | Version | |
|---|---|---|---|
| Intevation | OpenSlides |
Affected:
0 , < 4.2.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30344",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T15:07:50.425946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T15:08:32.303Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSlides",
"vendor": "Intevation",
"versions": [
{
"lessThan": "4.2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system\u0027s response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T05:57:51.082Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.x41-dsec.de/lab/advisories/x41-2025-001-OpenSlides"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-30344",
"datePublished": "2025-03-21T00:00:00.000Z",
"dateReserved": "2025-03-21T00:00:00.000Z",
"dateUpdated": "2025-03-21T15:08:32.303Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29780 (GCVE-0-2025-29780)
Vulnerability from cvelistv5 – Published: 2025-03-14 17:26 – Updated: 2025-03-19 15:27| URL | Tags |
|---|---|
| https://github.com/DavidOsipov/PostQuantum-Feldma… | x_refsource_CONFIRM |
| https://en.wikipedia.org/wiki/Side-channel_attack | x_refsource_MISC |
| https://www.rambus.com/wp-content/uploads/2015/08… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| DavidOsipov | PostQuantum-Feldman-VSS |
Affected:
<= 0.8.0b2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29780",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T13:53:56.748644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:54:39.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PostQuantum-Feldman-VSS",
"vendor": "DavidOsipov",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.8.0b2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Post-Quantum Secure Feldman\u0027s Verifiable Secret Sharing provides a Python implementation of Feldman\u0027s Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations, specifically within the `_find_secure_pivot` function and potentially other parts of `_secure_matrix_solve`. These vulnerabilities are due to Python\u0027s execution model, which does not guarantee constant-time execution. An attacker with the ability to measure the execution time of these functions (e.g., through repeated calls with carefully crafted inputs) could potentially recover secret information used in the Verifiable Secret Sharing (VSS) scheme. The `_find_secure_pivot` function, used during Gaussian elimination in `_secure_matrix_solve`, attempts to find a non-zero pivot element. However, the conditional statement `if matrix[row][col] != 0 and row_random \u003c min_value:` has execution time that depends on the value of `matrix[row][col]`. This timing difference can be exploited by an attacker. The `constant_time_compare` function in this file also does not provide a constant-time guarantee. The Python implementation of matrix operations in the _find_secure_pivot and _secure_matrix_solve functions cannot guarantee constant-time execution, potentially leaking information about secret polynomial coefficients. An attacker with the ability to make precise timing measurements of these operations could potentially extract secret information through statistical analysis of execution times, though practical exploitation would require significant expertise and controlled execution environments. Successful exploitation of these timing side-channels could allow an attacker to recover secret keys or other sensitive information protected by the VSS scheme. This could lead to a complete compromise of the shared secret. As of time of publication, no patched versions of Post-Quantum Secure Feldman\u0027s Verifiable Secret Sharing exist, but other mitigations are available. As acknowledged in the library\u0027s documentation, these vulnerabilities cannot be adequately addressed in pure Python. In the short term, consider using this library only in environments where timing measurements by attackers are infeasible. In the medium term, implement your own wrappers around critical operations using constant-time libraries in languages like Rust, Go, or C. In the long term, wait for the planned Rust implementation mentioned in the library documentation that will properly address these issues."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203: Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385: Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T15:27:58.698Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/DavidOsipov/PostQuantum-Feldman-VSS/security/advisories/GHSA-q65w-fg65-79f4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/DavidOsipov/PostQuantum-Feldman-VSS/security/advisories/GHSA-q65w-fg65-79f4"
},
{
"name": "https://en.wikipedia.org/wiki/Side-channel_attack",
"tags": [
"x_refsource_MISC"
],
"url": "https://en.wikipedia.org/wiki/Side-channel_attack"
},
{
"name": "https://www.rambus.com/wp-content/uploads/2015/08/TimingAttacks.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.rambus.com/wp-content/uploads/2015/08/TimingAttacks.pdf"
}
],
"source": {
"advisory": "GHSA-q65w-fg65-79f4",
"discovery": "UNKNOWN"
},
"title": "Post-Quantum Secure Feldman\u0027s Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29780",
"datePublished": "2025-03-14T17:26:58.453Z",
"dateReserved": "2025-03-11T14:23:00.475Z",
"dateUpdated": "2025-03-19T15:27:58.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27936 (GCVE-0-2025-27936)
Vulnerability from cvelistv5 – Published: 2025-04-16 09:14 – Updated: 2025-04-16 14:32- CWE-208 - Observable Timing Discrepancy
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.5.0 , ≤ 10.5.1
(semver)
Unaffected: 10.6.0 Unaffected: 10.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-16T14:19:16.252929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T14:32:45.176Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.5.1",
"status": "affected",
"version": "10.5.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.6.0"
},
{
"status": "unaffected",
"version": "10.5.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juho Fors\u00e9n"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Plugin MSTeams versions \u0026lt;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2.1.0 and Mattermost Server\u0026nbsp;\u003c/span\u003eversions 10.5.x \u0026lt;=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows\u0026nbsp;an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison. \u003c/p\u003e"
}
],
"value": "Mattermost Plugin MSTeams versions \u003c2.1.0 and Mattermost Server\u00a0versions 10.5.x \u003c=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows\u00a0an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T09:14:55.095Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Plugin MSTeams to version 2.1.1 or Mattermost Server to versions 10.6.0, 10.5.2 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Plugin MSTeams to version 2.1.1 or Mattermost Server to versions 10.6.0, 10.5.2 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00450",
"defect": [
"https://mattermost.atlassian.net/browse/MM-63147"
],
"discovery": "INTERNAL"
},
"title": "Webhook Secret Exposure via Timing attack in MSteams plugin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-27936",
"datePublished": "2025-04-16T09:14:55.095Z",
"dateReserved": "2025-04-08T11:14:14.689Z",
"dateUpdated": "2025-04-16T14:32:45.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22234 (GCVE-0-2025-22234)
Vulnerability from cvelistv5 – Published: 2026-01-22 21:02 – Updated: 2026-01-22 21:27- CWE-208 - Timing Descrepency
| URL | Tags |
|---|---|
| https://spring.io/security/cve-2025-22234/ | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Spring | Spring Security |
Affected:
5.7.16
(semver)
Affected: 5.8.18 (semver) Affected: 6.0.16 (semver) Affected: 6.1.14 (semver) Affected: 6.2.10 (semver) Affected: 6.3.8 (semver) Affected: 6.4.4 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T21:27:06.559653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:27:13.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://spring.io/projects/spring-security",
"defaultStatus": "affected",
"product": "Spring Security",
"vendor": "Spring",
"versions": [
{
"status": "affected",
"version": "5.7.16",
"versionType": "semver"
},
{
"status": "affected",
"version": "5.8.18",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.0.16",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.1.14",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.2.10",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.3.8",
"versionType": "semver"
},
{
"status": "affected",
"version": "6.4.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jonas Robl"
}
],
"datePublic": "2025-04-25T15:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations.\u003c/p\u003e"
}
],
"value": "The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Timing Descrepency",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T21:02:23.992Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"name": "Spring Security Advisory: CVE-2025-22234",
"tags": [
"vendor-advisory"
],
"url": "https://spring.io/security/cve-2025-22234/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade to a fixed version: 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, or 6.4.5 (depending on your release line).\u003c/p\u003e"
}
],
"value": "Upgrade to a fixed version: 5.7.17, 5.8.19, 6.0.17, 6.1.15, 6.2.11, 6.3.9, or 6.4.5 (depending on your release line)."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Security - BCrypt Password Encoder maximum password length breaks timing attack mitigation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22234",
"datePublished": "2026-01-22T21:02:23.992Z",
"dateReserved": "2025-01-02T04:29:59.191Z",
"dateUpdated": "2026-01-22T21:27:13.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20067 (GCVE-0-2025-20067)
Vulnerability from cvelistv5 – Published: 2025-08-12 16:58 – Updated: 2025-08-12 18:25- Information Disclosure
- CWE-208 - Observable Timing Discrepancy
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) CSME and Intel(R) SPS |
Affected:
See references
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20067",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T18:25:14.322998Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T18:25:53.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) CSME and Intel(R) SPS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable timing discrepancy in firmware for some Intel(R) CSME and Intel(R) SPS may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en"
},
{
"cweId": "CWE-208",
"description": "Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:58:04.888Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01280.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01280.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2025-20067",
"datePublished": "2025-08-12T16:58:04.888Z",
"dateReserved": "2024-10-11T03:00:12.211Z",
"dateUpdated": "2025-08-12T18:25:53.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13473 (GCVE-0-2025-13473)
Vulnerability from cvelistv5 – Published: 2026-02-03 14:32 – Updated: 2026-02-03 16:19- CWE-208 - Observable Timing Discrepancy
| URL | Tags |
|---|---|
| https://docs.djangoproject.com/en/dev/releases/se… | vendor-advisory |
| https://groups.google.com/g/django-announce | mailing-list |
| https://www.djangoproject.com/weblog/2026/feb/03/… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| djangoproject | Django |
Affected:
6.0 , < 6.0.2
(semver)
Unaffected: 6.0.2 (semver) Affected: 5.2 , < 5.2.11 (semver) Unaffected: 5.2.11 (semver) Affected: 4.2 , < 4.2.28 (semver) Unaffected: 4.2.28 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-13473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-03T16:19:11.902979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T16:19:15.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/Django/",
"defaultStatus": "unaffected",
"packageName": "django",
"product": "Django",
"repo": "https://github.com/django/django/",
"vendor": "djangoproject",
"versions": [
{
"lessThan": "6.0.2",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "6.0.2",
"versionType": "semver"
},
{
"lessThan": "5.2.11",
"status": "affected",
"version": "5.2",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "5.2.11",
"versionType": "semver"
},
{
"lessThan": "4.2.28",
"status": "affected",
"version": "4.2",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "4.2.28",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stackered"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jake Howard"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jacob Walls"
}
],
"datePublic": "2026-02-03T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\u003c/p\u003e\u003cp\u003eThe `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.\u003c/p\u003e\u003cp\u003eEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\u003c/p\u003e\u003cp\u003eDjango would like to thank Stackered for reporting this issue.\u003c/p\u003e"
}
],
"value": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\nThe `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack.\nEarlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\nDjango would like to thank Stackered for reporting this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-54",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-54: Query System for Information"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://docs.djangoproject.com/en/dev/internals/security/#security-issue-severity-levels",
"value": "low"
},
"type": "Django severity rating"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208: Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-03T14:32:26.240Z",
"orgId": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92",
"shortName": "DSF"
},
"references": [
{
"name": "Django security archive",
"tags": [
"vendor-advisory"
],
"url": "https://docs.djangoproject.com/en/dev/releases/security/"
},
{
"name": "Django releases announcements",
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/django-announce"
},
{
"name": "Django security releases issued: 6.0.2, 5.2.11, and 4.2.28",
"tags": [
"vendor-advisory"
],
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-11-12T18:00:00.000Z",
"value": "Initial report received."
},
{
"lang": "en",
"time": "2025-11-19T18:00:00.000Z",
"value": "Vulnerability confirmed."
},
{
"lang": "en",
"time": "2026-02-03T08:00:00.000Z",
"value": "Security release issued."
}
],
"title": "Username enumeration through timing difference in mod_wsgi authentication handler",
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6a34fbeb-21d4-45e7-8e0a-62b95bc12c92",
"assignerShortName": "DSF",
"cveId": "CVE-2025-13473",
"datePublished": "2026-02-03T14:32:26.240Z",
"dateReserved": "2025-11-20T11:44:39.641Z",
"dateUpdated": "2026-02-03T16:19:15.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9031 (GCVE-0-2025-9031)
Vulnerability from cvelistv5 – Published: 2025-09-24 08:25 – Updated: 2026-06-05 11:15| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-25-0293 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
| Vendor | Product | Version | |
|---|---|---|---|
| DivvyDrive Information Technologies Inc. | DivvyDrive Web |
Affected:
4.8.2.2 , < 4.8.2.15
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T14:03:58.151545Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T14:04:08.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DivvyDrive Web",
"vendor": "DivvyDrive Information Technologies Inc.",
"versions": [
{
"lessThan": "4.8.2.15",
"status": "affected",
"version": "4.8.2.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Emre AKTA\u015e"
}
],
"datePublic": "2025-09-24T08:23:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.\u003cp\u003eThis issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.\u003c/p\u003e"
}
],
"value": "Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.\n\nThis issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15."
}
],
"impacts": [
{
"capecId": "CAPEC-462",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-462 Cross-Domain Search Timing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T11:15:33.118Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-25-0293"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-25-0293"
}
],
"source": {
"advisory": "TR-25-0293",
"defect": [
"TR-25-0293"
],
"discovery": "UNKNOWN"
},
"title": "Timing-Based Username Enumeration in DivvyDrive Information Technologies\u0027 DivvyDrive Web",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-9031",
"datePublished": "2025-09-24T08:25:49.377Z",
"dateReserved": "2025-08-14T10:53:12.468Z",
"dateUpdated": "2026-06-05T11:15:33.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8774 (GCVE-0-2025-8774)
Vulnerability from cvelistv5 – Published: 2025-08-09 20:32 – Updated: 2025-08-12 16:04| URL | Tags |
|---|---|
| https://vuldb.com/?id.319297 | vdb-entry |
| https://vuldb.com/?ctiid.319297 | signaturepermissions-required |
| https://vuldb.com/?submit.625550 | third-party-advisory |
| https://github.com/fizz-is-on-the-way/vuls_cpu/tr… | related |
| Vendor | Product | Version | |
|---|---|---|---|
| riscv-boom | SonicBOOM |
Affected:
2.2.0
Affected: 2.2.1 Affected: 2.2.2 Affected: 2.2.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8774",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:47:22.449560Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T16:04:18.886Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRush"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"L1 Data Cache Handler"
],
"product": "SonicBOOM",
"vendor": "riscv-boom",
"versions": [
{
"status": "affected",
"version": "2.2.0"
},
{
"status": "affected",
"version": "2.2.1"
},
{
"status": "affected",
"version": "2.2.2"
},
{
"status": "affected",
"version": "2.2.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lcyf-fizz (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In riscv-boom SonicBOOM bis 2.2.3 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente L1 Data Cache Handler. Dank der Manipulation mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1,
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "Information Exposure Through Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T20:32:05.812Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319297 | riscv-boom SonicBOOM L1 Data Cache timing discrepancy",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319297"
},
{
"name": "VDB-319297 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319297"
},
{
"name": "Submit #625550 | SonicBOOM riscv-boom V2.2.3-210-gd77c2c3f implemented in Chipyard (V1.3.0) Improper Protection of Physical Side Channels",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.625550"
},
{
"tags": [
"related"
],
"url": "https://github.com/fizz-is-on-the-way/vuls_cpu/tree/master/MSHRush"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T22:29:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "riscv-boom SonicBOOM L1 Data Cache timing discrepancy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8774",
"datePublished": "2025-08-09T20:32:05.812Z",
"dateReserved": "2025-08-08T20:24:10.093Z",
"dateUpdated": "2025-08-12T16:04:18.886Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-462: Cross-Domain Search Timing
An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.
CAPEC-541: Application Fingerprinting
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
CAPEC-580: System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.