Summary
BRC-104 Authentication Signature Data Preparation Vulnerability
A critical cryptographic vulnerability in the TypeScript SDK's BRC-104 authentication implementation caused incorrect signature data preparation, resulting in signature incompatibility between SDK implementations and potential authentication bypass scenarios.
Details
The vulnerability was located in the Peer.ts file of the TypeScript SDK, specifically in the processInitialRequest and processInitialResponse methods where signature data is prepared for BRC-104 mutual authentication.
Vulnerable Code Locations:
ts-sdk/src/auth/Peer.tslines 527-531 (signing)ts-sdk/src/auth/Peer.tslines 584-590 (verification)
Root Cause:
The TypeScript SDK incorrectly prepared signature data by:
- Concatenating base64-encoded nonce strings:
message.initialNonce + sessionNonce - Then decoding the concatenated base64 string:
base64ToBytes(concatenatedString)
This produced ~32-34 bytes of signature data instead of the correct 64 bytes.
Buggy Implementation (Before Fix):
// CRITICAL BUG: Concatenating base64 strings before decoding
data: Peer.base64ToBytes(message.initialNonce + sessionNonce)
Correct Implementation (After Fix):
The fix properly decodes each base64 nonce individually, then concatenates the byte arrays:
data: [
...Peer.base64ToBytes(message.initialNonce),
...Peer.base64ToBytes(sessionNonce)
]
Why This is Critical:
BRC-104 authentication relies on cryptographic signatures to establish mutual trust between peers. When signature data preparation is incorrect:
- Signatures generated by the TypeScript SDK don't match those expected by Go/Python SDKs
- Cross-implementation authentication fails
- An attacker could potentially exploit this to bypass authentication checks
PoC
The cross-language test suite demonstrates this vulnerability:
- Setup: Use identical nonces and cryptographic inputs across TypeScript, Python, and Go SDKs
- Vulnerable behavior: TypeScript SDK produces different signature data than Go/Python reference implementations
- Impact demonstration: Authentication attempts between TypeScript clients and Go/Python servers fail due to signature mismatch
Test Evidence:
// Buggy approach (produces ~32-34 bytes)
const concatenatedB64 = INITIAL_NONCE_B64 + SESSION_NONCE_B64;
const buggyResult = Array.from(Buffer.from(concatenatedB64, 'base64'));
// Correct approach (produces 64 bytes)
const correctResult = [...INITIAL_NONCE_BYTES, ...SESSION_NONCE_BYTES];
Base64 Padding Short Circuit Analysis:
The vulnerability occurs because base64 padding characters (=) act as early termination signals for base64 decoders. When concatenating base64 strings before decoding:
- Individual nonces: Each 44-character base64 string decodes to 32 bytes
- Concatenated string: 88-character string containing padding in the middle
- Decoding result: Base64 decoder stops at the first
=padding character, producing only 32 bytes instead of 64
Example with test data:
INITIAL_NONCE_B64:"QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE="(44 chars → 32 bytes)SESSION_NONCE_B64:"QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkI="(44 chars → 32 bytes)- Concatenated:
"QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE=QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkI=" - Buggy decode: Only 32 bytes (decoder stops at first
=) - Correct decode: 64 bytes (32 + 32, decoded separately then concatenated)
Impact
Vulnerability Type: Cryptographic signature verification bypass
Severity: Critical (CVSS 9.1 - Critical)
Affected Systems:
- TypeScript SDK clients attempting to authenticate with Go or Python SDK servers
- Any BRC-104 implementation relying on cross-SDK compatibility
- Mutual authentication protocols using the affected signature preparation
Who is Impacted:
- Applications using the TypeScript SDK for BRC-104 authentication
- Systems requiring cross-language/SDK authentication compatibility
- Any peer-to-peer authentication scenarios where TypeScript clients communicate with non-TypeScript servers
Potential Attack Vectors:
- Authentication bypass through signature verification failure
- Man-in-the-middle attacks if authentication is silently ignored
- Denial of service through failed authentication attempts
The fix ensures all SDKs now produce identical cryptographic signatures, restoring proper mutual authentication across implementations.
CVE-2025-69287 has a CVSS score of 5.4 (Medium). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (2.0.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2025-69287? CVE-2025-69287 is a medium-severity security vulnerability in @bsv/sdk (npm), affecting versions < 2.0.0. It is fixed in 2.0.0.
- How severe is CVE-2025-69287? CVE-2025-69287 has a CVSS score of 5.4 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of @bsv/sdk are affected by CVE-2025-69287? @bsv/sdk (npm) versions < 2.0.0 is affected.
- Is there a fix for CVE-2025-69287? Yes. CVE-2025-69287 is fixed in 2.0.0. Upgrade to this version or later.
- Is CVE-2025-69287 exploitable, and should I be worried? Whether CVE-2025-69287 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2025-69287 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2025-69287? Upgrade
@bsv/sdkto 2.0.0 or later.