CVE-2025-59432

Description

### Impact A timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because `Arrays.equals` was used to compare secret values such as client proofs and server signatures. Since `Arrays.equals` performs a short-circuit comparison, the execution time varies depending on how many leading bytes match. This behavior could allow an attacker to perform a timing side-channel attack and potentially infer sensitive authentication material. All users relying on SCRAM authentication are impacted. ### Patches This vulnerability has been patched by replacing `Arrays.equals` with `MessageDigest.isEqual`, which ensures constant-time comparison. Users should upgrade to version **3.2** or later to mitigate this issue. ### Workarounds Because the attack requires high precision and repeated attempts, the risk is limited, but the only reliable mitigation is to upgrade to a patched release (version 3.2 or later). ### References - [Java `MessageDigest.isEqual` Documentation](https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte[],byte[]))

How to fix CVE-2025-59432

To remediate CVE-2025-59432, upgrade the affected package to a fixed version below.

• —no fix listed
• —upgrade to 3.2 or later

Is CVE-2025-59432 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0
• from 0, < 3.2

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-59432
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2025-59432
• PATCHgithub.com/ongres/scram
• WEBdocs.oracle.com/en/java/javase/25/docs/api/java.base/java/security/MessageDigest.html#isEqual(byte%5B%5D,byte%5B%5D)