Initialization Function Failure in Solady Software by Vectorized
CVE-2025-53638

6.9 MEDIUM

Key Information:

Vendor

Vectorized

Status
Vendor
CVE Published:
17 July 2025

What is CVE-2025-53638?

Solady, developed by Vectorized, has a vulnerability in proxy deployments that can cause initialization functions to fail silently. This occurs when an account deployed via a proxy returns neither a boolean value nor any other return data from its initialization function. The underlying issue is how Solidity determines whether such a call succeeded: it relies on extcodesize(proxy). When the proxy's implementation is empty (has no code), this check does not catch the problem, because the proxy itself has code, so the failed initialization goes unnoticed. To mitigate the issue, update to Solady version 0.1.24 or later and ensure that all affected implementations and their factories are deployed on new Ethereum Virtual Machine (EVM) chains promptly.
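The failure mode described above, next to a defensive variant, as an added example: this is not Solady code and not the fix shipped in 0.1.24. `IAccount`, `MinimalProxy`, `AccountFactory` and all function names are hypothetical, and the proxy is a generic delegatecall forwarder assumed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical account interface: initialize() returns no data at all.
interface IAccount {
    function initialize(address owner) external;
    function owner() external view returns (address);
}

// Hypothetical minimal proxy that forwards every call to a fixed implementation.
contract MinimalProxy {
    address private immutable _impl;
    constructor(address impl) { _impl = impl; }
    fallback() external payable {
        address impl = _impl;
        assembly {
            calldatacopy(0, 0, calldatasize())
            // DELEGATECALL to an address without code succeeds and returns no data.
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}

contract AccountFactory {
    error ImplementationHasNoCode();
    error InitializationNotApplied();

    // Silent failure: for a call with no return values the compiler only checks
    // extcodesize(proxy), which is non-zero even if `impl` was never deployed here.
    function deployUnchecked(address impl, address owner) external returns (address proxy) {
        proxy = address(new MinimalProxy(impl));
        IAccount(proxy).initialize(owner); // does not revert when impl is empty
    }

    // Defensive variant: require code at the implementation, then confirm the state.
    function deployChecked(address impl, address owner) external returns (address proxy) {
        if (impl.code.length == 0) revert ImplementationHasNoCode();
        proxy = address(new MinimalProxy(impl));
        IAccount(proxy).initialize(owner);
        // A call that decodes return data reverts if the implementation returned nothing.
        if (IAccount(proxy).owner() != owner) revert InitializationNotApplied();
    }
}
```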

Affected Version(s)

solady >= 0.0.125, < 0.1.24

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
