Vyper Smart Contract Language Vulnerability Affecting Python Development
CVE-2025-21607

2.3 LOW

Key Information:

Vendor: Vyperlang

CVE Published: 14 January 2025

What is CVE-2025-21607?

The Vyper compiler, known for its Pythonic approach to writing smart contracts on the Ethereum Virtual Machine (EVM), contains a vulnerability related to the EcRecover and Identity precompiles. The compiler does not verify the success status of the external calls it makes to these precompiles. An attacker could exploit this by sending a specific gas amount that forces these calls to fail while allowing the overall execution to proceed. The result is potentially inaccurate execution outcomes, although only a fraction of the pre-call gas remains available for subsequent operations. While this flaw has not significantly impacted real-world contracts, an advisory has been issued out of an abundance of caution to prompt awareness and preventive measures among developers.
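
The failure mode described above, as a simplified Python model added here (not code from Vyper or from the advisory). It assumes the EIP-150 rule that a call forwards at most 63/64 of the remaining gas and the ecrecover precompile's fixed cost of 3000 gas, neither of which is stated on this page; it ignores the call's own overhead, and all function names are hypothetical. The checked variant only illustrates what verifying the success status means and is not the project's patch.

```python
"""Simplified model of an unchecked precompile call (added example)."""

ECRECOVER_GAS = 3000  # assumption from the EVM spec, not from this page


class PrecompileFailed(Exception):
    """Raised by the checked variant when the call reports failure."""


def forwarded_gas(gas_left: int) -> int:
    # EIP-150: the caller always retains 1/64 of its remaining gas.
    return gas_left - gas_left // 64


def call_ecrecover(gas_left: int, out: bytearray, result: bytes):
    """Hypothetical stand-in for the call; returns (success, gas_left_after)."""
    sent = forwarded_gas(gas_left)
    retained = gas_left - sent
    if sent < ECRECOVER_GAS:
        # Out of gas inside the precompile: forwarded gas is consumed and
        # the output buffer is left exactly as it was before the call.
        return False, retained
    out[:] = result
    return True, retained + sent - ECRECOVER_GAS


def recover_unchecked(gas_left: int, result: bytes):
    out = bytearray(32)  # model assumption: output slot starts zeroed
    _, gas_left = call_ecrecover(gas_left, out, result)  # success flag dropped
    return bytes(out), gas_left


def recover_checked(gas_left: int, result: bytes):
    out = bytearray(32)
    ok, gas_left = call_ecrecover(gas_left, out, result)
    if not ok:
        raise PrecompileFailed("precompile call failed")
    return bytes(out), gas_left


# Constructed sample: a 32-byte word holding a made-up 20-byte address.
SIGNER = bytes(12) + bytes.fromhex("11" * 20)

if __name__ == "__main__":
    print(recover_unchecked(100_000, SIGNER))  # call succeeds
    print(recover_unchecked(3_000, SIGNER))    # call fails, zero word returned
```

In the model, the unchecked path hands back a stale zero word as if it were a recovered signer, and the gas left afterwards is only the retained 1/64, which matches the advisory's point that little can run after the failed call.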

Affected Version(s)

vyper < 0.4.1

CVSS V4

Score: 2.3
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: High
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published