Scille - Parsec-cloud - HIGH - CVE-2025-62514. The Parsec cloud application has a vulnerability stemming from the `libparsec_crypto` component, found in versions prior to 3.6.0. This issue is related to the weak order point of Curve25519, exploited by an attacker positioned as a man-in-the-middle. In this scenario, the attacker can present weak order points during the Diffie-Hellman exchange, which significantly increases the chances of both parties arriving at the same shared key. This deception misleads participants into believing their connection is secure, even when it is not. Notably, only the Parsec web application is impacted, as the desktop version utilizes a different backend (libsodium) which is not affected. The vulnerability has been patched in version 3.6.0 of Parsec.