CVE-2025-61595

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-61595

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-61595.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-61595

Aliases

Downstream

SUSE-SU-2025:3799-1

Related

SUSE-SU-2025:3799-1

Published

2025-10-02T19:36:41Z

Modified

2025-11-01T02:49:53.105448Z

Severity

8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

MANTRA tx gas limit is not enforced in send hooks

Details

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.

Database specific

{
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ]
}

References

Affected packages

Git / github.com/mantra-chain/mantrachain

Affected ranges

Type: GIT
Repo: https://github.com/mantra-chain/mantrachain
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1491567db4bd425b02dab8097f571c2993317017

Affected versions

v1.*

v1.0.0-alpha.10

v1.0.0-alpha.4

v1.0.0-alpha.5

v1.0.0-alpha.6

v1.0.0-alpha.7

v1.0.0-alpha.8

v1.0.0-alpha.9

v1.0.0-rc1

v1.0.0-rc2

v1.0.0-rc3

v2.*

v2.0.0

v3.*

v3.0.0

v4.*

v4.0.0

v4.0.0-rc1

v4.0.0-rc2

v4.0.1