Is github.com/altcha-org/altcha-lib-go affected by CVE-2025-68113?

Go github.com/altcha-org/altcha-lib-go is affected in <1.0.0.

Is CVE-2025-68113 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

medium

CVE-2025-68113

Q: Is CVE-2025-68113 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

Go · github.com/altcha-org/altcha-lib-go • Packagist · altcha-org/altcha

Summary

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay in github.com/altcha-org/altcha-lib-go

Severity: medium
EPSS: 0.3% (p17)
Also known as: GHSA-6gvq-jcmp-8959, GO-2025-4239
Published: 2025-12-16

References

https://github.com/altcha-org/altcha-lib/security/advisories/GHSA-6gvq-jcmp-8959
https://github.com/altcha-org/altcha-lib-go/commit/4a5610745ef79895a67bac858b2e4f291c2614b8
https://github.com/altcha-org/altcha-lib-ex/commit/09b2bad466ad0338a5b24245380950ea9918333e

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.