CVE-2025-56207

A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers to transfer NFTs to the zero address, leading to permanent asset loss and non-compliance with the ERC721 standard. The eth address is 0x41d3d86a84c8507a7bc14f2491ec4d188fa944e7, contract name is MoneyMakingOpportunity, and compiler version is v0.8.17+commit.8df45f5f.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/Monekon/CVE/blob/main/Vulnerabilities/MMO_Transfer_to_ZeroAddress.md

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una falla de seguridad en la función '_transfer' de una implementación de contrato inteligente para Money Making Opportunity (MMO), un proyecto de Token No Fungible (NFT) ERC721 de Ethereum, permite a los usuarios o atacantes transferir NFT a la dirección cero, lo que lleva a la pérdida permanente de activos y al incumplimiento del estándar ERC721. La dirección de eth es 0x41d3d86a84c8507a7bc14f2491ec4d188fa944e7, el nombre del contrato es MoneyMakingOpportunity y la versión del compilador es v0.8.17+commit.8df45f5f.

01 Oct 2025, 20:18

Type	Values Removed	Values Added
CWE		CWE-1259
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

30 Sep 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-30 17:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-56207

Mitre link : CVE-2025-56207

CVE.ORG link : CVE-2025-56207

JSON object : View

Products Affected

No product.

CWE

CWE-1259

Improper Restriction of Security Token Assignment

6.5 /10