Skip to content

Cosmos EVM Vulnerability

Critical severity GitHub Reviewed Published Oct 21, 2025 in cosmos/evm • Updated Oct 21, 2025

Package

gomod github.com/cosmos/evm (Go)

Affected versions

>= 0.3.0, < 0.3.2
>= 0.4.0, < 0.4.2

Patched versions

0.3.2
0.4.2

Description

Patches

Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade.

Workarounds

No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended.

Testing

Tests are introduced in every affected version.

Credits

Special thanks to @yihuang for the help on this issue.

References

@vladjdk vladjdk published to cosmos/evm Oct 21, 2025
Published to the GitHub Advisory Database Oct 21, 2025
Reviewed Oct 21, 2025
Last updated Oct 21, 2025

Severity

Critical

EPSS score

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-8pfh-j44r-f654

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.