PT-2025-39916 · Go-F3 · Go-F3

Lgprbs · Published 2025-09-29 · Updated 2025-10-27 · CVE-2025-59941

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

Name of the Vulnerable Software and Affected Versions

go-f3 versions 0.8.8 and below

Description

go-f3’s justification verification caching mechanism improperly caches verification results without considering the message context. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. The cached verification does not validate the relationship between the justification and the specific message context. Exploitation requires significant computational power (350+ TiB) and coordinated timing to impact a substantial portion of the network.

Recommendations

Upgrade to go-f3 version 0.8.9 or later.
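
The caching flaw described above, shown as a simplified Go model. This is an added example, not go-f3's code or its actual fix; the types `Context`, `Justification` and `Verifier`, the `Replay` helper and the string stand-in for signature checking are hypothetical. A cache keyed on the justification alone accepts the same justification in a mismatched context, while a key that also covers the message context sends it back through the full check.

```go
package main

import "fmt"

// Hypothetical, simplified types for illustration; not go-f3's real structures.
type Context struct {
	Instance, Round uint64
	Value           string
}
type Justification struct {
	Ctx Context // what the justification attests to
	Sig string  // stand-in for an aggregate signature
}
type Verifier struct {
	bindContext bool // false: context-free cache key, true: context-bound key
	cache       map[string]bool
}

func NewVerifier(bind bool) *Verifier { return &Verifier{bind, map[string]bool{}} }

// Verify returns nil when justification j is acceptable for a message in context msg.
func (v *Verifier) Verify(msg Context, j Justification) error {
	k := fmt.Sprintf("%#v", j)
	if v.bindContext { // tie the cached result to the message it was checked against
		k += fmt.Sprintf("|%#v", msg)
	}
	if v.cache[k] {
		return nil // cache hit: the checks below are skipped
	}
	if j.Sig != "valid" { // stand-in for the expensive signature check
		return fmt.Errorf("bad signature")
	}
	if j.Ctx != msg {
		return fmt.Errorf("justification %v does not match message %v", j.Ctx, msg)
	}
	v.cache[k] = true
	return nil
}

// Replay verifies a valid pair, then presents the same justification in another context.
func Replay(v *Verifier) (first, reused error) {
	j := Justification{Ctx: Context{5, 1, "A"}, Sig: "valid"} // constructed sample
	return v.Verify(j.Ctx, j), v.Verify(Context{5, 1, "B"}, j)
}

func main() {
	_, weak := Replay(NewVerifier(false))
	_, bound := Replay(NewVerifier(true))
	fmt.Println("context-free key:", weak, "| context-bound key:", bound)
}
```

A regression test for this class of bug should assert that a mismatched pair is rejected both before and after a matching pair has populated the cache.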

Related Identifiers

CVE-2025-59941
GHSA-7PQ9-RF9P-WCRF
GO-2025-3989
OPENSUSE-SU-2025:15666-1
SUSE-SU-2025:3799-1

Affected Products

Go-F3