Cosmos EVM Vulnerability

Patches

Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade.

Workarounds

No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended.

Testing

Tests are introduced in every affected version.

Credits

Special thanks to @yihuang for the help on this issue.

Published: Oct 21, 2025
Updated: Oct 22, 2025
GHSA: GHSA-8pfh-j44r-f654
Severity: Critical
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
github.com/cosmos/evm	0.3.0	0.3.2
github.com/cosmos/evm	0.4.0	0.4.2

https://github.com/cosmos/evm/commit/79089feebe79ce1f35250ba457cbd436e6bfff8b
https://github.com/cosmos/evm/security/advisories/GHSA-8pfh-j44r-f654

Vulnerability Database

Cosmos EVM Vulnerability

Patches

Workarounds

Testing

Credits

Deep Security Visibility Without the Complexity