AI description
CVE-2025-30147 affects the Ethereum client Hyperledger Besu, specifically versions 24.7.1 through 25.2.2, which correspond to besu-native versions 0.9.0 through 1.2.1. This vulnerability involves a potential consensus bug related to the precompiles ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles were reimplemented in besu-native using gnark-crypto's bn254 implementation. The core issue arises because certain crafted Elliptic Curve (EC) points, while in the correct subgroup, may not actually lie on the curve. The besu-native gnark implementation incorrectly relied on subgroup checks to perform point-on-curve checks. This could lead to Besu providing an incorrect result and falling out of consensus when processing these precompiles with specially crafted input points. Homogenous Besu-only networks could potentially enshrine invalid states, creating difficulties for patched Besu versions to process these calls correctly. The vulnerability is fixed in besu-native release 1.3.0, and Besu version 25.3.0.
- Description
- Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding to besu-native versions 0.9.0 through 1.2.1, have a potential consensus bug for the precompiles ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08). These precompiles were reimplemented in besu-native using gnark-crypto's bn254 implementation, as the former implementation used a library which was no longer maintained and not sufficiently performant. The new gnark implementation was initially added in version 0.9.0 of besu-native but was not utilized by Besu until version 0.9.2 in Besu 24.7.1. The issue is that there are EC points which may be crafted which are in the correct subgroup but are not on the curve and the besu-native gnark implementation was relying on subgroup checks to perform point-on-curve checks as well. The version of gnark-crypto used at the time did not do this check when performing subgroup checks. The result is that it was possible for Besu to give an incorrect result and fall out of consensus when executing one of these precompiles against a specially crafted input point. Additionally, homogenous Besu-only networks can potentially enshrine invalid state which would be incorrect and difficult to process with patched versions of besu which handle these calls correctly. The underlying defect has been patched in besu-native release 1.3.0. The fixed version of Besu is version 25.3.0. As a workaround for versions of Besu with the problem, the native precompile for altbn128 may be disabled in favor of the pure-java implementation. The pure java implementation is significantly slower, but does not have this consensus issue.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-325
- Hype score
- Not currently trending
BREAKING: CVE-2025-30147 - The curious case of subgroup check on Besu https://t.co/OSXY6Seiun https://t.co/2kh8R5Q8Hu
@CoinInsightPro
10 May 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-30147 🔴 HIGH (8.7) 🏢 hyperledger - besu-native 🏗️ >= 0.9.0, < 1.3.0 🔗 https://t.co/G4gPiSeAxX 🔗 https://t.co/62m0B3XNk7 #CyberCron #VulnAlert #InfoSec https://t.co/hgrJQepxTy
@cybercronai
8 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The Real Slim Shady: CVE-2025-30147 - The curious case of subgroup check on Besu https://t.co/G357vUNvBj https://t.co/QBnZ50Imi1
@asanso
7 May 2025
5671 Impressions
11 Retweets
44 Likes
9 Bookmarks
1 Reply
4 Quotes