Signature Malleability Vulnerability in Ethereum Crate for Rust
CVE-2025-53359
6.9 MEDIUM
What is CVE-2025-53359?
Prior to version v0.18.0, the Ethereum crate for Rust deviated from the specification: it did not check for signature malleability in EIP-2930, EIP-1559, and EIP-7702 transactions. Signature malleability by itself does not present a critical security threat on single-implementation blockchains, but upgrading to version v0.18.0 is advisable to ensure compliance with the specification. As a workaround, check transactions for malleability manually, outside of the crate.
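One way to perform the manual check mentioned as a workaround, shown as an added example that is not code from the ethereum crate. It assumes the malleability check meant here is the low-s rule (reject `s` greater than half the secp256k1 group order); `check_signature`, `mirror_s`, `SigCheck` and the sample values are hypothetical names and constructed inputs.

```rust
/// secp256k1 group order n, big-endian.
const SECP256K1_N: [u8; 32] = [
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
    0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41,
];
/// floor(n / 2), big-endian: the largest `s` accepted under the low-s rule.
const SECP256K1_HALF_N: [u8; 32] = [
    0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0x5D, 0x57, 0x6E, 0x73, 0x57, 0xA4, 0x50, 0x1D, 0xDF, 0xE9, 0x2F, 0x46, 0x68, 0x1B, 0x20, 0xA0,
];

#[derive(Debug, PartialEq)]
enum SigCheck { Ok, OutOfRange, HighS }

/// Validate the (r, s) pair of a decoded transaction before accepting it.
/// Fixed-width big-endian arrays compare lexicographically, which matches
/// numeric order, so no big-integer library is needed.
fn check_signature(r: &[u8; 32], s: &[u8; 32]) -> SigCheck {
    let zero = [0u8; 32];
    if *r == zero || *s == zero || *r >= SECP256K1_N || *s >= SECP256K1_N {
        return SigCheck::OutOfRange;
    }
    if *s > SECP256K1_HALF_N {
        return SigCheck::HighS; // the malleable twin of a low-s signature
    }
    SigCheck::Ok
}

/// Compute n - s: the second `s` value that verifies for the same message
/// and key, which is why one of the two forms has to be rejected.
fn mirror_s(s: &[u8; 32]) -> [u8; 32] {
    let mut out = [0u8; 32];
    let mut borrow = 0i16;
    for i in (0..32).rev() {
        let d = SECP256K1_N[i] as i16 - s[i] as i16 - borrow;
        borrow = (d < 0) as i16;
        out[i] = (d + 256 * borrow) as u8;
    }
    out
}

fn main() {
    let r = [0x11u8; 32]; // constructed sample value
    let mut s = [0u8; 32]; // constructed sample value: s = 1
    s[31] = 1;
    println!("original s: {:?}", check_signature(&r, &s));
    println!("mirrored s: {:?}", check_signature(&r, &mirror_s(&s)));
}
```

Run the check on the `r` and `s` fields of each decoded EIP-2930, EIP-1559 or EIP-7702 transaction and drop anything that does not return `SigCheck::Ok`.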
Affected Version(s)
ethereum < 0.18.0
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
