CVE-2025-27611

base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1.

CVSS

No CVSS.

References

Link	Resource
https://github.com/cryptocoinjs/base-x/pull/86
https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p

Configurations

No configuration.

History

02 May 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) base-x es un codificador y decodificador base de cualquier alfabeto que utiliza compresión de ceros a la izquierda, al estilo de Bitcoin. Las versiones 4.0.0, 5.0.0 y todas las anteriores a la 3.0.11 son vulnerables a que los atacantes engañen a los usuarios para que envíen fondos a una dirección no deseada. Este problema se ha corregido en las versiones 3.0.11, 4.0.1 y 5.0.1.

30 Apr 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-30 20:15

Updated : 2025-05-02 13:53

NVD link : CVE-2025-27611

Mitre link : CVE-2025-27611

CVE.ORG link : CVE-2025-27611

JSON object : View

Products Affected

No product.

CWE

CWE-1007

Insufficient Visual Distinction of Homoglyphs Presented to User

{"id": "CVE-2025-27611", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-30T20:15:21.430", "references": [{"url": "https://github.com/cryptocoinjs/base-x/pull/86", "source": "security-advisories@github.com"}, {"url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1007"}]}], "descriptions": [{"lang": "en", "value": "base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1."}, {"lang": "es", "value": "base-x es un codificador y decodificador base de cualquier alfabeto que utiliza compresi\u00f3n de ceros a la izquierda, al estilo de Bitcoin. Las versiones 4.0.0, 5.0.0 y todas las anteriores a la 3.0.11 son vulnerables a que los atacantes enga\u00f1en a los usuarios para que env\u00eden fondos a una direcci\u00f3n no deseada. Este problema se ha corregido en las versiones 3.0.11, 4.0.1 y 5.0.1."}], "lastModified": "2025-05-02T13:53:40.163", "sourceIdentifier": "security-advisories@github.com"}