An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.
Metrics
Affected Vendors & Products
References
History
Thu, 22 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cosmwasm
Cosmwasm cosmwasm |
|
CPEs | cpe:2.3:a:cosmwasm:cosmwasm:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Cosmwasm
Cosmwasm cosmwasm |
Fri, 21 Mar 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-284 | |
Metrics |
cvssV3_1
|
Wed, 19 Mar 2025 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 18 Mar 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published: 2025-03-18T00:00:00.000Z
Updated: 2025-03-21T16:21:14.200Z
Reserved: 2025-02-07T00:00:00.000Z
Link: CVE-2025-25500

Updated: 2025-03-21T16:21:09.929Z

Status : Analyzed
Published: 2025-03-18T14:15:43.493
Modified: 2025-05-22T19:52:28.640
Link: CVE-2025-25500

No data.