CVE-2025-24883: go-ethereum has a DoS via malicious p2p message

8.7 CVSS

Description

go-ethereum (geth) is a Go execution-layer implementation of the Ethereum protocol. A vulnerable node can be forced to shut down or crash by a specially crafted message. This vulnerability is fixed in 1.14.13.

Classification

CVE ID: CVE-2025-24883

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor: ethereum

Product: go-ethereum

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-28 (date this score was calculated)

References

https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2
https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f

Timeline