← Voltar para CVEs
CVE-2025-65951
HIGH8.7
Descricao
Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted bet ticket, allowing the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. This issue has been patched via commit 2d38d2f.
Detalhes CVE
Pontuacao CVSS v3.18.7
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado11/25/2025
Ultima modificacao11/25/2025
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-200CWE-327
Referencias
https://github.com/mescuwa/entropy-derby/commit/2d38d2f16bbb3b4240698148f80d8c5202725c77(security-advisories@github.com)
https://github.com/mescuwa/entropy-derby/security/advisories/GHSA-pm54-f847-w4mh(security-advisories@github.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.