Overview
A critical vulnerability, identified as CVE-2025-64767, has been discovered in hpke-js, a Hybrid Public Key Encryption (HPKE) module built on top of the Web Cryptography API. This vulnerability exists in versions prior to 1.7.5 and stems from a race condition within the public SenderContext Seal() API. This race condition allows for the potential re-use of the same AEAD (Authenticated Encryption with Associated Data) nonce across multiple Seal() calls. Successful exploitation of this vulnerability could lead to a complete loss of confidentiality and integrity of the encrypted messages.
Technical Details
The vulnerability lies in the SenderContext Seal() function within the hpke-js library. The nonce derivation in Seal() is not properly synchronized, so concurrent calls to Seal() can derive the same nonce value. AEAD algorithms rely on a unique nonce for every encryption operation under a given key; reusing a nonce weakens or completely breaks the encryption, enabling attackers to potentially recover plaintext or forge messages.
The vulnerable code can be seen at senderContext.ts on GitHub (prior to the patch). The fix implemented addresses this race condition, ensuring nonce uniqueness.
CVSS Analysis
This vulnerability has been assigned a CVSS score of 9.1, classifying it as CRITICAL severity. This high score reflects the potential for significant impact and ease of exploitation.
Possible Impact
The impact of exploiting CVE-2025-64767 is severe. If an attacker can trigger the nonce re-use condition, they could:
- Completely compromise the confidentiality of encrypted data: attackers could decrypt messages.
- Compromise the integrity of encrypted data: attackers could forge messages that appear legitimate.
- Potentially gain unauthorized access to sensitive systems or data: depending on how hpke-js is used, this could lead to a larger breach.
This vulnerability is especially concerning for applications relying on hpke-js for secure communication and data protection.
Mitigation and Patch Steps
The recommended mitigation is to immediately update to hpke-js version 1.7.5 or later. This version contains the necessary patch to address the nonce re-use vulnerability. You can update hpke-js using your package manager (e.g., npm, yarn):
npm update @hpke/core
or
yarn upgrade @hpke/core
After updating, thoroughly test your application to ensure the updated library is functioning correctly and that no regressions have been introduced.
References
- CVE ID: CVE-2025-64767
- Vulnerable Code: hpke-js SenderContext.ts
- Patch Commit: hpke-js Patch Commit
- GitHub Advisory: GHSA-73g8-5h73-26h4
