CVE-2025-21607
Published: 14 January 2025
Summary
CVE-2025-21607 is a high-severity Always-Incorrect Control Flow Implementation (CWE-670) vulnerability in Vyperlang Vyper. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 26.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-11 (Error Handling).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates identification, reporting, and correction of the Vyper compiler flaw by updating to version 0.4.1, preventing generation of vulnerable smart contract code.
Requires the system to validate information inputs such as precompile success flags from EcRecover and Identity, halting execution on failure to avoid incorrect control flow.
Vulnerability scanning detects CVE-2025-21607 in the Vyper compiler, enabling timely remediation before compiling and deploying affected smart contracts.
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.NVD Description
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific…
more
amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM's rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. None the less an advisory has been made out of an abundance of caution. This issue is fixed in 0.4.1.
Deeper analysisAI
CVE-2025-21607 is a vulnerability in the Vyper compiler, a Pythonic smart contract language for the Ethereum Virtual Machine (EVM). The issue occurs when the compiler uses the precompiles EcRecover (address 0x1) and Identity (address 0x4), as it does not check the success flag returned by these calls. This allows a failed call to proceed without halting execution, potentially resulting in incorrect outcomes.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity, as indicated by its CVSS v3.1 score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and association with CWE-670 (Always-Incorrect Control Flow Implementation). By supplying a precise amount of gas, an attacker can force the precompile to fail while permitting the transaction to continue. EVM gas rules then leave only 1/64 of the pre-call gas for remaining code, restricting exploits to simple subsequent operations and yielding incorrect execution results with high integrity impact.
Mitigation is provided in Vyper version 0.4.1, which addresses the success flag check. Official advisories, the fixing commit (7136eab0a254aa2ff7ddca41cc05f2ee1fa99caf), and pull request (#4451) are documented on the Vyper GitHub security page (GHSA-vgf2-gvx8-xwc3).
No significantly impacted real-world contracts were identified, and the advisory was issued out of an abundance of caution.
Details
- CWE(s)