Vulnerability in Davidosipov Postquantum-feldman-vss

CVE-2025-29780

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `feldman_vss` library contains timing side-channel vulnerabili…

EPSS: 0.001 (21.7th percentile) — read the EPSS interpretation.

Affected products

Davidosipov Postquantum-feldman-vss — versions <= 0.8.0b2

Weakness classification (CWE)

References

https://github.com/DavidOsipov/PostQuantum-Feldman-VSS/security/advisories/GHSA-q65w-fg65-79f4 (x_refsource_CONFIRM)
https://en.wikipedia.org/wiki/Side-channel_attack (x_refsource_MISC)
https://www.rambus.com/wp-content/uploads/2015/08/TimingAttacks.pdf (x_refsource_MISC)