Cyber Resilience

CVE-2025-62514

HighPublic PoC

Published: 29 January 2026

Published
29 January 2026
Modified
02 March 2026
KEV Added
Patch
CVSS Score v3.1 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
EPSS Score 0.0026 17.2th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2025-62514 is a high-severity Use of a Broken or Risky Cryptographic Algorithm (CWE-327) vulnerability in Parsec.Cloud Parsec. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 17.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-12 (Cryptographic Key Establishment and Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-62514 is a cryptographic vulnerability in Parsec, a cloud-based application for secure file sharing. It affects versions on the 3.x branch prior to 3.6.0, specifically the libparsec_crypto component when compiled with the RustCrypto backend. The flaw arises because libparsec_crypto does not validate for weak order points on the Curve25519 elliptic curve. Only the Parsec web application is impacted, as the desktop version uses the libsodium backend instead.

An attacker in a man-in-the-middle (MITM) position can exploit this during the Diffie-Hellman key exchange by supplying weak order points to both communicating parties. This leads to a high probability that both parties derive the identical shared key, which the attacker also knows. As a result, the Short Authenticated String (SAS) code exchange succeeds, falsely assuring both parties that no MITM is present and enabling the attacker to decrypt and potentially tamper with communications.

Parsec version 3.6.0 patches the issue by adding proper checks for weak order points in the RustCrypto backend, as detailed in the commit at https://github.com/Scille/parsec-cloud/commit/197bb6387b49fec872b5e4a04dcdb82b3d2995b2 and the security advisory at https://github.com/Scille/parsec-cloud/security/advisories/GHSA-hrc9-gm58-pgj9. Affected users should upgrade to 3.6.0 or later, with code references highlighting the fix in libparsec_crypto's private.rs and related curve25519-dalek dependencies.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Parsec is a cloud-based application for cryptographically secure file sharing. In versions on the 3.x branch prior to 3.6.0, `libparsec_crypto`, a component of the Parsec application, does not check for weak order point of Curve25519 when compiled with its RustCrypto…

more

backend. In practice this means an attacker in a man-in-the-middle position would be able to provide weak order points to both parties in the Diffie-Hellman exchange, resulting in a high probability to for both parties to obtain the same shared key (hence leading to a successful SAS code exchange, misleading both parties into thinking no MITM has occurred) which is also known by the attacker. Note only Parsec web is impacted (as Parsec desktop uses `libparsec_crypto` with the libsodium backend). Version 3.6.0 of Parsec patches the issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

Vulnerability directly enables successful Adversary-in-the-Middle attacks by allowing key compromise during Diffie-Hellman exchange on Curve25519.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-66598Shared CWE-327
CVE-2024-8603Shared CWE-327
CVE-2026-1627Shared CWE-327
CVE-2019-25651Shared CWE-327
CVE-2026-24785Shared CWE-327
CVE-2024-4282Shared CWE-327
CVE-2026-1626Shared CWE-327
CVE-2025-22475Shared CWE-1240, CWE-327
CVE-2025-66597Shared CWE-327
CVE-2025-63912Shared CWE-327

Affected Assets

parsec.cloud
parsec
3.0.0 — 3.6.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly requires timely identification, reporting, and correction of the cryptographic flaw in libparsec_crypto to patch weak order point validation and prevent MITM exploitation.

prevent

Mandates robust cryptographic key establishment and management processes, including validation of Curve25519 points during Diffie-Hellman exchanges to block attacker-supplied weak keys.

detect

Requires vulnerability scanning to identify the CVE-2025-62514 flaw in Parsec web's RustCrypto backend, enabling remediation before MITM exploitation.

References