VDB
GO-2025-3997
GO-2025-3997
PUBLISHED
CVSS 9.300000190734863 CRITICAL
github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | MANTRA-Chain/mantrachain/v2 | 0, 0 |
| github.com | MANTRA-Chain/mantrachain/v3 | 0, 0 |
| github.com | MANTRA-Chain/mantrachain | 0, 0 |
| github.com | MANTRA-Chain/mantrachain/v4 | 0, 0 |
Timeline
- Oct 23, 2025 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/MANTRA-Chain/mantrachain/security/advisories/GHSA-qwvm-wqq8-8j69 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61595 advisory
- https://github.com/MANTRA-Chain/mantrachain/commit/30d36c46e9823b56b8f0dcbb66e980ca5df284e4 patch
- https://github.com/MANTRA-Chain/mantrachain/issues/432 report