Home > Vulnerability Database > CVE-2025-25500

Mend.io Vulnerability Database

CVE-2025-25500

Good to know:

Date: March 17, 2025

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-25500

Url: https://gist.github.com/H3T76/8096a6ff9410f3a6d9a25db1a68ae657#file-cve-2025-25500

Url: https://github.com/CVEProject/cveproject.github.io/blob/gh-pages/requester/reservation-guidelines.md

Url: https://github.com/CosmWasm/cosmwasm/blob/v2.2.0/CHANGELOG.md

Url: https://github.com/CosmWasm/cosmwasm

Url: https://www.mend.io/vulnerability-database/CVE-2025-25500

Severity Score

7.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Missing Authentication for Critical Function

CWE-306

Top Fix

Upgrade Version

Upgrade to version cosmwasm-vm - 2.2.0;cosmwasm-check - 2.2.0;https://github.com/CosmWasm/cosmwasm.git - v2.2.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-25500

Good to know:

Date: March 17, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?