Impact
The openvm-pairing library’s try_honest_pairing_check calls a theorem that verifies pairings but fails to ensure that the scaling factor s is in the appropriate subfield of Fp12. Because this subfield check is omitted, the function can return a true result for pairings that are mathematically invalid. An attacker who can influence the input to this function would therefore be able to forge valid pairings, compromising any cryptographic protocol that relies on OpenVM's pairing verification. This vulnerability is a classic example of CWE‑20, input validation failure.
Affected Systems
The problem exists in all releases of openvm-org/openvm that precede v1.6.0. All users who depend on the openvm-pairing guest library before the 1.6.0 release are affected.
Risk and Exploitability
The assigned CVSS score of 8.7 indicates a high severity. The EPSS score of 0.00085 indicates a very low exploitation probability, and the vulnerability is not listed in the CISA KEV catalog, suggesting a lower likelihood of widespread exploitation at present. Nevertheless, the attack vector is inferred to be local or remote input that reaches the try_honest_pairing_check routine, allowing an adversary to supply crafted scaling factors and bypass pairing validation.
OpenCVE Enrichment