How severe is CVE-2025-21607?

This vulnerability has a severity rating of LOW with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2025-21607?

This is classified as CWE-670, which is a common weakness in software security.

CVE-2025-21607 - LOW Severity | CVSS 7.5

Vulnerability Description

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM's rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. None the less an advisory has been made out of an abundance of caution. This issue is fixed in 0.4.1.

Related Vulnerabilities

CVE-2014-2686

HIGH

CVSS:7.5(High)

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

CWE-6702014

CVE-2019-11412

HIGH

CVSS:7.5(High)

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

CWE-6702019

CVE-2019-19324

HIGH

CVSS:7.5(High)

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.

CWE-6702019

CVE-2019-19729

HIGH

CVSS:7.5(High)

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the us...

CWE-6702019

CVE-2019-9946

HIGH

CVSS:7.5(High)

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts ...

CWE-6702019

CVE-2020-36277

HIGH

CVSS:7.5(High)

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.

CWE-6702020