Denial of Service Vulnerability in go-ethereum by Ethereum Foundation
CVE-2025-24883

8.7 HIGH

Key Information:

Vendor: Ethereum

CVE Published: 30 January 2025


What is CVE-2025-24883?

CVE-2025-24883 is a vulnerability in go-ethereum (geth), the Go implementation of the Ethereum protocol maintained by the Ethereum Foundation. It allows an unauthenticated remote attacker to disrupt a vulnerable node by sending a specially crafted message, causing the process to shut down or crash. Organizations that rely on Ethereum nodes for blockchain operations can therefore see interrupted transaction processing, weakened network integrity and loss of business continuity.

Technical Details

The vulnerability resides in go-ethereum, the Go language implementation of the Ethereum protocol, and stems from how the client handles incoming peer-to-peer messages. A malicious actor can send malformed data to a vulnerable node and trigger a Denial of Service (DoS) condition without needing any privileges or user interaction. The issue is fixed in version 1.14.13; organizations running earlier affected versions should update to mitigate the risk.

Potential impact of CVE-2025-24883

  1. Disruption of Services: The primary impact is disruption of Ethereum-based applications and services. A DoS attack can cause service outages, affecting businesses that rely on the Ethereum network for transactions or decentralized applications (dApps).

  2. Loss of Financial Transactions: Organizations using Ethereum nodes to process transactions may experience failed or delayed operations, leading to financial losses and reputational damage, especially where timely transactions are critical.

  3. Threat to Network Integrity: The vulnerability endangers the availability and integrity of the Ethereum network as a whole. Prolonged exploitation could damage perception of the Ethereum blockchain, reducing user trust and adoption.

Affected Version(s)

go-ethereum >= 1.14.0, < 1.14.13

News Articles

Ethereum client Geth releases "Schwarzschild" update to fix security vulnerabilities - ChainCatcher

ChainCatcher news, according to The Block: the official Go implementation client of the Ethereum protocol, Geth, has released version 1.14.13, codenamed "Schwarzschild." This update fixes a vulnerability affecting the peer-to-peer (p2p) layer (CVE-2025-24883), which could allow nodes to suffer from de...

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • First article discovered by ChainCatcher

  • Vulnerability published

  • Vulnerability reserved
