PT-2025-40058 · Mantra · Mantra

Hellobloc · Published 2025-09-30 · Updated 2025-10-27 · CVE-2025-61595

CVSS v4.0: 8.8 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

MANTRA versions prior to 4.0.2

Description

The software does not enforce transaction gas limits within its send hooks. This allows send hooks to consume more gas than available in the transaction, and recursive calls within the WebAssembly (Wasm) contract can exponentially increase gas consumption. This issue affects a purpose-built Real World Asset (RWA) Layer 1 Blockchain designed to adhere to real-world regulatory requirements.

Recommendations

Upgrade to version 4.0.2 or later.

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-61595
GHSA-QWVM-WQQ8-8J69
GO-2025-3997
OPENSUSE-SU-2025:15666-1
SUSE-SU-2025:3799-1

Affected Products

Mantra