What is CVE-2025-48946?

CVE-2025-48946 is a low-severity vulnerability in Open-quantum-safe Liboqs, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 3.7/10. Published 2025-05-30.

How severe is CVE-2025-48946?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Open-quantum-safe Liboqs

CVE-2025-48946

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.001 (33.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Open-quantum-safe Liboqs — versions < 0.13.0

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-3rxw-4v8q-9gq5 (x_refsource_CONFIRM)
https://github.com/open-quantum-safe/liboqs/commit/a7d698ca9c9d98990647459253183cbe29c550af (x_refsource_MISC)
https://durumcrustulum.com/2024/02/24/how-to-hold-kems/#hqc (x_refsource_MISC)
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Wiu4ZQo3fP80 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-48946?: CVE-2025-48946 is a low-severity vulnerability in Open-quantum-safe Liboqs, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 3.7/10. Published 2025-05-30.
How severe is CVE-2025-48946?: Low severity. CVSS v3 base score is 3.7 out of 10.