CVE-2025-59058 – httpsig-rs’s HMAC verification is vulnerable to timing attack

CVE ID : CVE-2025-59058

Published : Sept. 12, 2025, 2:15 p.m. | 28 minutes ago

Description : httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

CVE-2026-9831 – ExtremeCloud IQ Cross Tenant Data Exposure via Extreme Platform One Authentication Race Condition

CVE-2026-4387 – Unencrypted storage of authentication state in StrongDM Desktop Application state.kv file

CVE-2026-48810 – FreeScout: Thread Edit Authorization Bypass via Missing Mailbox Check

CVE-2026-48811 – FreeScout: Thread Deletion Bypasses Mailbox Access Revocation