CVE-2025-65951 · HIGH 8.7 · EPSS p1.2%

Description

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted bet ticket, allowing the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. This issue has been patched via commit 2d38d2f.

Scoring

CVSS 3.1: 8.7 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
EPSS: 0.10% probability of exploitation · percentile 1.2% · 2026-06-18T12:00:27Z
Published: 2025-11-25
Last modified: 2026-04-15

Underlying weaknesses · 2

CWE-200, CWE-327

References

  1. https://github.com/mescuwa/entropy-derby/commit/2d38d2f16bbb3b4240698148f80d8c5202725c77
  2. https://github.com/mescuwa/entropy-derby/security/advisories/GHSA-pm54-f847-w4mh

Type | Target | Confidence | Tier
Weakness | Exposure of Sensitive Information to an Unauthorized Actor (cwe-200) | 0% | live
Weakness | Use of a Broken or Risky Cryptographic Algorithm (cwe-327) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-25835
  2. CVE-2025-59614
  3. CVE-2025-59606
  4. CVE-2026-25277
  5. CVE-2026-25260
  6. CVE-2026-22904

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.