CVE-2025-27611
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-27611
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-27611.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-27611
- Aliases
- Downstream
- Published
- 2025-04-30T19:36:57Z
- Modified
- 2025-10-30T20:30:22.968248Z
- Severity
-
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- base-x homograph attack allows Unicode lookalike characters to bypass validation.
- Details
-
base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1.
- Database specific
{ "cwe_ids": [ "CWE-1007" ] }- References
Affected packages
Git / github.com/cryptocoinjs/base-x
Affected ranges
- Type
- GIT
- Repo
- https://github.com/cryptocoinjs/base-x
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "= 5.0.0" } ] }