CVE-2025-25500

High

Published: 18 March 2025

Published

18 March 2025

Modified

22 May 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score 0.0092 76.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25500 is a high-severity Improper Access Control (CWE-284) vulnerability in Cosmwasm Cosmwasm. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 23.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-25 Reference Monitor good match

prevent

Implements a reference monitor for runtime validation of capability restrictions, directly addressing the lack of enforcement in CosmWasm that allows unauthorized contract actions.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for access to blockchain resources, preventing attackers from bypassing capability checks during contract deployment and execution.

AC-6 Least Privilege partial match

prevent

Applies least privilege to limit contract capabilities, reducing the impact of runtime validation bypasses by restricting unnecessary permissions.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability enables remote exploitation of a public-facing blockchain platform (T1190) via malicious contract deployment to bypass capability restrictions, directly facilitating unauthorized actions equivalent to privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.

Deeper analysisAI

CVE-2025-25500 is a vulnerability in CosmWasm prior to version v2.2.0 that stems from a lack of runtime capability validation, enabling attackers to bypass capability restrictions in blockchains. This flaw, tracked under CWE-284 (Improper Access Control), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and was published on 2025-03-18T14:15:43.493. Affected systems include blockchain platforms leveraging CosmWasm for smart contract execution, where the absence of validation allows contracts to operate without enforced capabilities.

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By deploying a malicious contract that evades capability checks, they can execute unauthorized actions on the blockchain, such as altering state or performing operations beyond intended permissions, resulting in high integrity impacts without compromising confidentiality or availability.

Advisories reference a GitHub Gist detailing the vulnerability at https://gist.github.com/H3T76/8096a6ff9410f3a6d9a25db1a68ae657#file-cve-2025-25500, which aligns with upgrading to CosmWasm v2.2.0 to address the runtime validation deficiency.