CVE-2025-29774 PoC — NPM xml-crypto 数据伪造问题漏洞

Source

https://github.com/demining/Phantom-Signature-Attack

Associated Vulnerability

Title:NPM xml-crypto 数据伪造问题漏洞 (CVE-2025-29774)
Description:NPM xml-crypto是NPM公司的一个数字签名和加密库。 NPM xml-crypto 6.0.0及之前版本存在安全漏洞，该漏洞源于绕过身份验证或授权机制，允许攻击者修改有效的签名XML消息。

Description

Phantom Signature Attack: An Analysis of the Critical Vulnerability CVE-2025-29774 in the Bitcoin Protocol, SIGHASH_SINGLE Implementation Flaws, and the Mathematical Framework for Private Key Recovery in Lost Cryptocurrency Wallets Enabling Unrestricted Control over BTC Assets

File Snapshot


 None

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!