PT-2025-42374 · Unknown · Alloy Core

Published 2025-10-15 · Updated 2025-10-21 · CVE-2025-62370

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Alloy Core libraries versions prior to 0.8.26
Alloy Core libraries versions prior to 1.4.1

Description

A flaw in the Alloy Core libraries can lead to a denial-of-service (DoS) condition. It is triggered by malformed input to alloy_dyn_abi::TypedData, specifically within the eip712_signing_hash() function. The root cause is a missing check for empty elements before they are accessed, which leads to an uncaught panic. Systems requiring high availability, such as network services, may be especially vulnerable. External auto-restarting mechanisms can offer partial mitigation, but repeated attacks could still cause availability issues.

Recommendations

Update Alloy Core libraries to version 0.8.26 or later.
Update Alloy Core libraries to version 1.4.1 or later.
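
The root cause named in the description (an element accessed without an emptiness check, ending in an uncaught panic), shown as an added Rust illustration that is not Alloy Core's code: `Typed`, `digest` and the three `hash_*` functions are hypothetical stand-ins. It puts the unchecked access beside a checked form that returns an error, and adds in-process panic containment with `std::panic::catch_unwind` for callers that cannot upgrade immediately.

```rust
use std::panic::{self, AssertUnwindSafe};

// Hypothetical stand-in for parsed typed data; NOT the alloy-core data model.
pub struct Typed { pub name: String, pub members: Vec<String> }

#[derive(Debug, PartialEq)]
pub enum HashError { EmptyMembers, Panicked }

// Toy non-cryptographic digest (FNV-1a) so the example needs no crates.
fn digest(parts: &[&str]) -> u64 {
    let mut h: u64 = 0xcbf29ce484222325;
    for b in parts.iter().flat_map(|p| p.bytes()) {
        h = (h ^ b as u64).wrapping_mul(0x100000001b3);
    }
    h
}

// "Before": indexes the first element without checking that one exists.
pub fn hash_unchecked(t: &Typed) -> u64 {
    let first = &t.members[0]; // panics when `members` is empty
    digest(&[t.name.as_str(), first.as_str()])
}

// "After": an empty list is an ordinary, recoverable error.
pub fn hash_checked(t: &Typed) -> Result<u64, HashError> {
    let first = t.members.first().ok_or(HashError::EmptyMembers)?;
    Ok(digest(&[t.name.as_str(), first.as_str()]))
}

// Containment at the request boundary: turn a panic in the unpatched
// routine into an error instead of losing the thread or process.
pub fn hash_contained(t: &Typed) -> Result<u64, HashError> {
    panic::catch_unwind(AssertUnwindSafe(|| hash_unchecked(t)))
        .map_err(|_| HashError::Panicked)
}

fn main() {
    // Constructed input: a typed-data value with no members.
    let empty = Typed { name: "Mail".into(), members: vec![] };
    println!("checked:   {:?}", hash_checked(&empty));
    println!("contained: {:?}", hash_contained(&empty));
}
```

`catch_unwind` has no effect in binaries built with `panic = "abort"`, so it is a stopgap only; updating to a fixed version remains the remedy.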

Exploit

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CVE-2025-62370
GHSA-PGP9-98JM-WWQ2
OPENSUSE-SU-2025:15652-1
RUSTSEC-2025-0073

Affected Products

Alloy Core