Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in 弱身份验证. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is told to be difficult. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as af996b5ec27ab79bae3882071b9d6acf16044549. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a patch for the affected product. However, at the moment there is no proof that this flaw might have any real-world impact.
AnalysisAI
PuTTY versions up to 0.83 contain a weak authentication vulnerability in the Ed25519 signature verification function (eddsa_verify in crypto/ecc-ssh.c) that allows remote attackers to potentially forge or manipulate digital signatures due to improper validation of Ed25519 signature components. While a public proof-of-concept exploit exists and the vulnerability affects signature verification, the real-world impact remains unproven, with CVSS 3.7 (low severity) and EPSS probability indicating exploitation is difficult and requires high complexity. The vendor (PuTTY developers) has already released a patch addressing this issue.
Technical ContextAI
This vulnerability exists in PuTTY's implementation of Ed25519 signature verification, a component of the SSH protocol for cryptographic authentication. The root cause is classified as CWE-347 (Improper Verification of Cryptographic Signature), which involves the eddsa_verify function failing to properly validate Ed25519 signature parameters according to RFC 8032 specifications. Specifically, the vulnerability appears related to handling of overlarge 's' values in Ed25519 signatures—a malleability issue where an attacker could construct alternative valid-looking signatures that pass weak verification checks. The affected component is part of PuTTY's SSH cryptographic library, which handles key exchange and host authentication during remote sessions. The CPE affected is cpe:2.3:a:n/a:putty:*:*:*:*:*:*:*:*, indicating all versions up to the patch are potentially affected.
RemediationAI
Upgrade PuTTY to a version released after commit af996b5ec27ab79bae3882071b9d6acf16044549 (check the official PuTTY release page at https://www.chiark.greenend.org.uk/~sgtatham/putty/ for the next release following version 0.83). This patch addresses the Ed25519 signature verification weakness by properly validating signature component bounds per RFC 8032 section 8.4. Until patching is feasible, users should reduce exposure by restricting PuTTY SSH connections to known, trusted hosts and networks, and consider using SSH key pinning or certificate verification features where available. Organizations managing PuTTY deployments should prioritize this upgrade in their regular patching cycle but may phase it over normal update windows given the low CVSS and unproven real-world impact.
More in Jwt Attack
View allWhy is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update
Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work
The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t
cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote
Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)
Same technique Information Disclosure
View allVendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 0.74-1+deb11u2 | - |
| bullseye (security) | vulnerable | 0.74-1+deb11u1 | - |
| bookworm | vulnerable | 0.78-2+deb12u2 | - |
| bookworm (security) | vulnerable | 0.78-2+deb12u1 | - |
| forky, sid, trixie | vulnerable | 0.83-3 | - |
| (unstable) | fixed | (unfixed) | unimportant |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14301
GHSA-p96h-94q2-fh5v