CVE-2025-29780: Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret
Summary
CVE-2025-29780 is a timing side-channel vulnerability (a security flaw where an attacker measures how long code takes to run to extract secrets) in the feldman_vss Python library versions 0.8.0b2 and earlier. The vulnerability exists in matrix operation functions that don't execute in constant time, potentially allowing an attacker to recover secret information through careful timing measurements of repeated function calls.
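The non-constant-time behaviour described above can be seen in a small added example, which is not code from feldman_vss: a pivot search over one matrix column modulo a prime, written once with an early exit and once with a fixed amount of work per call. The pivot-search step, the modulus P, the function names and the sample columns are assumptions made for illustration; the page does not say which matrix functions are affected.

```python
# Added illustration, not code from feldman_vss. All names and values are constructed.
P = 2**61 - 1  # constructed prime modulus (assumption, not a library parameter)

# Constructed columns; their zero pattern stands in for secret-dependent matrix data.
SAMPLES = [[5, 0, 0, 7], [0, 0, 3, 9], [0, 0, 0, 4]]


def pivot_early_exit(column, start=0):
    """Variable work: returns at the first non-zero entry, so the number of
    iterations (and therefore the running time) depends on the data."""
    steps = 0
    for row in range(start, len(column)):
        steps += 1
        if column[row] % P != 0:
            return row, steps
    return None, steps


def pivot_full_scan(column, start=0):
    """Fixed work: visits every row and selects the first non-zero entry with
    arithmetic masks instead of an early return."""
    steps = 0
    chosen = -1
    found = 0
    for row in range(start, len(column)):
        steps += 1
        nonzero = int(column[row] % P != 0)
        take = nonzero & (1 - found)  # 1 only for the first non-zero row
        chosen = take * row + (1 - take) * chosen
        found |= nonzero
    return (chosen if found else None), steps


def step_counts(fn, columns=SAMPLES):
    """Iterations each call needed; a stand-in for what a timing measurement sees."""
    return [fn(col)[1] for col in columns]


def pivots(fn, columns=SAMPLES):
    """Pivot row chosen for each column, to confirm both variants agree."""
    return [fn(col)[0] for col in columns]


if __name__ == "__main__":
    print("early exit steps:", step_counts(pivot_early_exit))
    print("full scan steps: ", step_counts(pivot_full_scan))
    print("same pivots:     ", pivots(pivot_early_exit) == pivots(pivot_full_scan))
```

Equal step counts remove only the data-dependent loop exit; CPython integer arithmetic is itself not constant time, which is why the mitigations listed on this page point to wrappers built on constant-time libraries in Rust, Go, or C.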
Solution / Mitigation
As of publication, no patched versions exist. The source text recommends three mitigations: (1) short term, use this library only in environments where attackers cannot measure execution timing; (2) medium term, create custom wrappers around critical operations using constant-time libraries in Rust, Go, or C; (3) long term, wait for the planned Rust implementation mentioned in the library documentation that will properly address these issues.
Vulnerability Details
EPSS: 0.3%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-29780
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 85%