CVE 8.7 HIGH

Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage_CVE-2025-65951

November 24, 2025 invoker category_cve

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Description

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted bet ticket, allowing the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. This issue has been patched via commit 2d38d2f.

AI Analysis

Timelock encryption bypass via pre-computed VDF output leakage

Basic Information

ID CVE-2025-65951

Source GitHub_M

Published Nov 25, 2025 at 00:30

Affected Product

Vendor mescuwa

Product entropy-derby

Version < 2d38d2f16bbb3b4240698148f80d8c5202725c77

Affected Versions mescuwa entropy-derby < 2d38d2f16bbb3b4240698148f80d8c5202725c77

CWE Classification

CWE-200 CWE-327

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor mescuwa

Product entropy-derby

Version < 2d38d2f16bbb3b4240698148f80d8c5202725c77

References

{
    "lastseen": "",
    "description": "Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted bet ticket, allowing the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. This issue has been patched via commit 2d38d2f.",
    "published": "2025-11-25T00:30:14.735Z",
    "modified": "2025-11-25T00:30:14.735Z",
    "type": "cve",
    "title": "Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage",
    "source": "GitHub_M",
    "references": "https://github.com/mescuwa/entropy-derby/security/advisories/GHSA-pm54-f847-w4mh\nhttps://github.com/mescuwa/entropy-derby/commit/2d38d2f16bbb3b4240698148f80d8c5202725c77",
    "id": "CVE-2025-65951",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-327"
    ],
    "cvelist": null,
    "sourceData": "mescuwa entropy-derby < 2d38d2f16bbb3b4240698148f80d8c5202725c77",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "entropy-derby",
    "version": "< 2d38d2f16bbb3b4240698148f80d8c5202725c77",
    "vendor": "mescuwa",
    "ai_description": "Timelock encryption bypass via pre-computed VDF output leakage",
    "ai_severity": "High",
    "ai_vendor": "mescuwa",
    "ai_product": "entropy-derby",
    "ai_version": "< 2d38d2f16bbb3b4240698148f80d8c5202725c77",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply