Cyber Resilience

CVE-2025-25500

High

Published: 18 March 2025

Published
18 March 2025
Modified
22 May 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0094 76.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-25500 is a high-severity Improper Access Control (CWE-284) vulnerability in Cosmwasm Cosmwasm. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 23.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-25500 is a vulnerability in CosmWasm prior to version v2.2.0 that stems from a lack of runtime capability validation, enabling attackers to bypass capability restrictions in blockchains. This flaw, tracked under CWE-284 (Improper Access Control), carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) and was published on 2025-03-18T14:15:43.493. Affected systems include blockchain platforms leveraging CosmWasm for smart contract execution, where the absence of validation allows contracts to operate without enforced capabilities.

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By deploying a malicious contract that evades capability checks, they can execute unauthorized actions on the blockchain, such as altering state or performing operations beyond intended permissions, resulting in high integrity impacts without compromising confidentiality or availability.

Advisories reference a GitHub Gist detailing the vulnerability at https://gist.github.com/H3T76/8096a6ff9410f3a6d9a25db1a68ae657#file-cve-2025-25500, which aligns with upgrading to CosmWasm v2.2.0 to address the runtime validation deficiency.

EU & UK References

Vulnerability details

An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability enables remote exploitation of a public-facing blockchain platform (T1190) via malicious contract deployment to bypass capability restrictions, directly facilitating unauthorized actions equivalent to privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-29315Shared CWE-284
CVE-2025-55261Shared CWE-284
CVE-2026-21636Shared CWE-284
CVE-2025-57130Shared CWE-284
CVE-2024-53348Shared CWE-284
CVE-2025-20229Shared CWE-284
CVE-2026-24300Shared CWE-284
CVE-2026-20750Shared CWE-284
CVE-2025-2280Shared CWE-284
CVE-2025-70064Shared CWE-284

Affected Assets

cosmwasm
cosmwasm
≤ 2.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements a reference monitor for runtime validation of capability restrictions, directly addressing the lack of enforcement in CosmWasm that allows unauthorized contract actions.

prevent

Enforces approved authorizations for access to blockchain resources, preventing attackers from bypassing capability checks during contract deployment and execution.

prevent

Applies least privilege to limit contract capabilities, reducing the impact of runtime validation bypasses by restricting unnecessary permissions.

References