How severe is CVE-2025-24802?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2025-24802?

This is classified as CWE-1240, which is a common weakness in software security.

CVE-2025-24802

HIGH Year: 2025

CVSS v3 Score

8.6

High

Weakness Type

CWE-1240

View all →

Vulnerability Description

Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the 0 -> 0 input-output pair. Thus a malicious prover can always prove that f(0) = 0 for any lookup table f (unless its length happens to be divisible by 26). The cause of problem is that the LookupTableGate-s are padded with zeros. A workaround from the user side is to extend the table (by repeating some entries) so that its length becomes divisible by 26. This vulnerability is fixed in 1.0.1.

CVE-2025-22475

HIGH

CVSS:7.5(High)

Dell PowerProtect DD, versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.10 contains a use of a Cryptographic Primitive with a Risky Implementation vulnerability. A remote attacker could potentiall...

CWE-12402025

CVE-2023-51392

CRITICAL

CVSS:9.8(Critical)

Ember ZNet between v7.2.0 and v7.4.0 used software AES-CCM instead of integrated hardware cryptographic accelerators, potentially increasing risk of electromagnetic and differential power analysis sid...

CWE-12402023

CVE-2024-0323

CRITICAL

CVSS:9.8(Critical)

The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct man-in-the-midd...

CWE-12402024