CVE - CVE-2025-22866

CVE-ID
CVE-2025-22866	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://go.dev/cl/643735 URL:https://go.dev/cl/643735 MISC:https://go.dev/issue/71383 URL:https://go.dev/issue/71383 MISC:https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k URL:https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k MISC:https://pkg.go.dev/vuln/GO-2025-3447 URL:https://pkg.go.dev/vuln/GO-2025-3447
Assigning CNA
Go Project
Date Record Created
20250108	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250108)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)