Headline
GHSA-8pfh-j44r-f654: Cosmos EVM Vulnerability
Patches
Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade.
Workarounds
No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended.
Testing
Tests are introduced in every affected version.
Credits
Special thanks to @yihuang for the help on this issue.
- GitHub Advisory Database
- GitHub Reviewed
- GHSA-8pfh-j44r-f654
Cosmos EVM Vulnerability
Critical severity GitHub Reviewed Published Oct 21, 2025 in cosmos/evm • Updated Oct 21, 2025
Package
gomod github.com/cosmos/evm (Go)
Affected versions
>= 0.3.0, < 0.3.2
>= 0.4.0, < 0.4.2
Patched versions
0.3.2
0.4.2
Patches
Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade.
Workarounds
No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended.
Testing
Tests are introduced in every affected version.
Credits
Special thanks to @yihuang for the help on this issue.
References
- GHSA-8pfh-j44r-f654
- cosmos/evm@79089fe
Published to the GitHub Advisory Database
Oct 21, 2025
Last updated
Oct 21, 2025