Home > Vulnerability Database > CVE-2025-27105

Mend.io Vulnerability Database

CVE-2025-27105

Good to know:

Date: February 21, 2025

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity Score

9.1

Related Resources (5)

Url: https://github.com/pypa/advisory-database/tree/main/vulns/vyper/PYSEC-2025-31.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-27105

Url: https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp

Url: https://github.com/vyperlang/vyper

Url: https://www.mend.io/vulnerability-database/CVE-2025-27105

Severity Score

9.1

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version vyper - 0.4.1

Learn More

CVSS v3.1

Base Score:	9.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-27105

Good to know:

Date: February 21, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?