CVE-2025-29072
Published: 27 March 2025
Summary
CVE-2025-29072 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Nethermind Juno. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 17.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
An integer overflow vulnerability exists in Nethermind Juno versions prior to 12.05 within the Sierra bytecode decompression logic of the cairo-lang-starknet-classes library. The flaw, tracked as CVE-2025-29072 and assigned CWE-190, permits remote attackers to submit a crafted Declare v2 or v3 transaction that triggers an infinite loop and sustained high CPU consumption, resulting in denial of service against Starknet full-node implementations. The issue carries a CVSS 3.1 score of 7.5 reflecting network-exploitable availability impact without authentication or user interaction.
Attackers can exploit the condition by sending a malicious transaction directly to any exposed Starknet node running an affected Juno release. Successful exploitation causes the node to enter a resource-exhaustion state, disrupting block processing and potentially partitioning the node from the network until manual intervention or restart occurs.
Public references indicate that the vulnerability was addressed in Juno commit 51074875941aa111c5dd2b41f2ec890a4a15b587, which updates the decompression routine to prevent the overflow. Starknet community guidance recommends that node operators upgrade to version 12.05 or later to restore normal operation.
The associated EPSS score has remained flat at 0.0168 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8645
Vulnerability details
An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The integer overflow vulnerability in Sierra bytecode decompression enables remote unauthenticated attackers to trigger an infinite loop and excessive CPU usage via crafted transactions, directly facilitating Endpoint Denial of Service through Application or System Exploitation (T1499.004).
Mitigating Controls (NIST 800-53 r5)
- Validates malformed Declare v2/v3 transaction bytecode inputs to prevent integer overflows and infinite loops during Sierra decompression.
- Ensures timely remediation of the integer overflow flaw through patching to Nethermind Juno v.12.05 or later as identified in the vendor commit.
- Implements denial-of-service protections to limit effects of high CPU usage and resource exhaustion from triggered infinite loops.