CVE-2025-61595
MANTRA tx gas limit is not enforced in send hooks
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
02 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Productos afectados
MANTRA-Chain · mantrachain¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →