Vulnerability Description
A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: this is disputed by the Supplier because the product's objective is "to discourage automated scraping / bots, not guarantee resistance to determined attackers." The documentation states “the goal is not to provide a secure cryptographic algorithm but to use a proof-of-work mechanism that allows any capable device to decrypt the hidden data.”
CVSS Score
9.1 (CRITICAL)
Related Weaknesses (CWE)
References
- https://altcha.org/docs/v2/obfuscation/
- https://github.com/altcha-org/altcha/blob/154f874cbcdd4e639783463130d13988a2bd1b
- https://github.com/eternal-flame-AD/altcha-deobfs
FAQ
What is CVE-2025-65849?
CVE-2025-65849 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A cryptanalytic break in Altcha Proof-of-Work obfuscation mode version 0.8.0 and later allows remote visitors to recover the Proof-of-Work nonce in constant time via mathematical deduction. NOTE: ...
How severe is CVE-2025-65849?
CVE-2025-65849 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-65849?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.