Ethereum v.1.12.2 Insecure Permissions vulnerability allows Remote Privilege Escalation via WaterToken Contract
CVE-2024-51425

8.8HIGH

Key Information:

Vendor: Ethereum
Status: WaterToken Smart Contract
Vendor: CVE Published:; 30 October 2024

What is CVE-2024-51425?

The WaterToken smart contract, deployed on the Ethereum blockchain, contains a vulnerability that could potentially be exploited by remote attackers. This defect allows for an unspecified level of impact, primarily through malicious function calls. While third-party assessments have challenged the severity of its impact, emphasizing its limitations, the issue underscores the importance of scrutinizing smart contracts for security flaws to safeguard against potential threats and ensure operational integrity.

References

https://github.com/Wzy-source/Gala/blob/main/CVEs/WaterTo...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 30, 2024

CVE-2024-51425 Data

JSON