CVE-2025-27104

Name of the Vulnerable Software and Affected Versions Vyper versions prior to 0.4.1

Description The issue concerns the potential for multiple evaluations of a single expression in the iterator target of a for loop, which can lead to unexpected program behavior. Specifically, reads in iterators that contain an ifexp may interleave reads with writes in the loop body, consuming side effects produced in the loop body. This can occur with Vyper for loops that allow two kinds of iterator targets: the range() builtin and an iterable type, like SArray and DArray. The estimated number of potentially affected devices worldwide is not provided. There are no known real-world incidents where this issue was exploited.

Recommendations For versions prior to 0.4.1, upgrade to version 0.4.1 as soon as the patched release is available. At the moment, there is no information about other workarounds for this vulnerability.