Description

Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invalid input bytes as the Ristretto identity element, leading to potentially incorrect cryptographic results. This is fixed in commit 36f70d1.

INFO

Published Date :

2025-07-28T20:08:22.886Z

Last Modified :

2025-07-28T20:26:18.866Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54426 vulnerability.

Vendors Products
Polkadot
  • Frontier
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54426.

URL Resource
https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf cve-icon cve-icon
https://github.com/polkadot-evm/frontier/commit/36f70d1defcaeaed5a453015f6c98c21bb5b121b cve-icon cve-icon
https://github.com/polkadot-evm/frontier/pull/1720/commits/8ed6053fb868495477ba2409f7e64f439df76f96 cve-icon cve-icon
https://github.com/polkadot-evm/frontier/security/advisories/GHSA-v4q3-23rh-w5mw cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability