Is postquantum-feldman-vss affected by CVE-2025-29779?

PyPI postquantum-feldman-vss is affected in <=0.8.0b2.

Is CVE-2025-29779 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

medium

CVE-2025-29779

Q: Is CVE-2025-29779 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

PyPI · postquantum-feldman-vss

Summary

Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Severity: medium
EPSS: 0.2% (p7)
Also known as: GHSA-r8gc-qc2c-c7vh
Published: 2025-03-14

References

https://github.com/DavidOsipov/PostQuantum-Feldman-VSS/security/advisories/GHSA-r8gc-qc2c-c7vh
https://nvd.nist.gov/vuln/detail/CVE-2025-29779
https://en.wikipedia.org/wiki/Fault_attack

Related advisories

GHSA-v432-7f47-9g94 — high · PyPI/postquantum-feldman-vss
CVE-2025-29780 — medium · PyPI/postquantum-feldman-vss

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.