CVE-2025-62514
Published: 29 January 2026
Summary
CVE-2025-62514 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Parsec.Cloud Parsec. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 6.1 percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires timely identification, reporting, and correction of the cryptographic flaw in libparsec_crypto to patch weak order point validation and prevent MITM exploitation.
Mandates robust cryptographic key establishment and management processes, including validation of Curve25519 points during Diffie-Hellman exchanges to block attacker-supplied weak keys.
Requires vulnerability scanning to identify the CVE-2025-62514 flaw in Parsec web's RustCrypto backend, enabling remediation before MITM exploitation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability directly enables successful Adversary-in-the-Middle attacks by allowing key compromise during Diffie-Hellman exchange on Curve25519.
NVD Description
Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.
Deeper analysis
CVE-2025-62514 is a cryptographic vulnerability in Parsec, a cloud-based application for secure file sharing. It affects versions on the 3.x branch prior to 3.6.0, specifically the libparsec_crypto component when compiled with the RustCrypto backend. The flaw arises because libparsec_crypto does not validate for weak order points on the Curve25519 elliptic curve. Only the Parsec web application is impacted, as the desktop version uses the libsodium backend instead.
An attacker in a man-in-the-middle (MITM) position can exploit this during the Diffie-Hellman key exchange by supplying weak order points to both communicating parties. This leads to a high probability that both parties derive the identical shared key, which the attacker also knows. As a result, the Short Authenticated String (SAS) code exchange succeeds, falsely assuring both parties that no MITM is present and enabling the attacker to decrypt and potentially tamper with communications.
Parsec version 3.6.0 patches the issue by adding proper checks for weak order points in the RustCrypto backend, as detailed in the commit at https://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82b3d2995b2 and the security advisory at https://github.com/Scille/parsec-cloud/security/advisories/GHSA-hrc9-gm58-pgj9. Affected users should upgrade to 3.6.0 or later, with code references highlighting the fix in libparsec_crypto's private.rs and related curve25519-dalek dependencies.
Details
- CWE(s)