VDB
CVE-2025-61595
CVE-2025-61595
PUBLISHED
CVSS 8.8 HIGH
Reported by GitHub_M · Published October 2, 2025
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.
Risk Scores
CVSS v4.0
8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MANTRA-Chain | mantrachain | < 4.0.2 |
| github.com | MANTRA-Chain/mantrachain/v2 | 0, 0, 0 |
| MANTRA-Chain | mantrachain | < 4.0.2, < 4.0.2, * |
| github.com | MANTRA-Chain/mantrachain/v4 | 0, 0, 0 |
| github.com | MANTRA-Chain/mantrachain/v3 | 0, 0, 0 |
| github.com | MANTRA-Chain/mantrachain | 0, 0, 0 |
Timeline
- Jan 21, 1970 Security Advisory
- Sep 30, 2025 CVE Published
- Oct 3, 2025 EPSS Score
- Oct 9, 2025 EPSS Score
- Oct 16, 2025 EPSS Score
- Oct 22, 2025 EPSS Score
- Oct 23, 2025 CVE Updated
- Oct 29, 2025 EPSS Score
- Nov 4, 2025 EPSS Score
- Nov 11, 2025 EPSS Score
- Nov 17, 2025 EPSS Score
- Nov 24, 2025 EPSS Score
References
- https://github.com/MANTRA-Chain/mantrachain/security/advisories/GHSA-qwvm-wqq8-8j69 x_refsource_CONFIRM
- https://github.com/MANTRA-Chain/mantrachain/commit/30d36c46e9823b56b8f0dcbb66e980ca5df284e4 x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2025-61595 advisory
- https://github.com/advisories/GHSA-qwvm-wqq8-8j69 advisory
- https://github.com/MANTRA-Chain/mantrachain/issues/432 url
- https://github.com/MANTRA-Chain/mantrachain url
- https://pkg.go.dev/vuln/GO-2025-3997 url