Denial-of-Service Vulnerability in Alloy Core Libraries by Alloy
CVE-2025-62370

7.5 HIGH

Key Information:

Vendor

Alloy-rs

Status
Vendor
CVE Published:
15 October 2025

What is CVE-2025-62370?

A vulnerability in the Alloy Core libraries allows a denial-of-service condition to be triggered by malformed input passed to the eip712_signing_hash() function. The issue affects versions prior to 0.8.26 and 1.4.1, and high-availability services face potential disruption. Developers can mitigate the risk with external auto-restart mechanisms, but this may offer only partial relief against repeated attacks. The vulnerability was resolved by adding a safeguard that validates inputs for emptiness before operating on them; the fix is applied in subsequent versions.

Affected Version(s)

core: < 0.8.26

core: >= 1.0.0, < 1.4.1
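
To check whether a build is inside the ranges above, the following added example (not code from this advisory or from the Alloy project) scans Cargo.lock text for watched crates at an affected version. The crate names in the sample are assumptions, since the page only names "core", and pre-release suffixes are ignored.

```rust
/// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let base = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut it = base.split('.').map(|p| p.parse::<u64>().ok());
    Some((it.next()??, it.next()??, it.next()??))
}

/// Affected per this page: < 0.8.26, or >= 1.0.0 and < 1.4.1.
fn is_affected(v: (u64, u64, u64)) -> bool {
    v < (0, 8, 26) || (v >= (1, 0, 0) && v < (1, 4, 1))
}

/// Extract the quoted value from a `key = "value"` line.
fn field<'a>(line: &'a str, key: &str) -> Option<&'a str> {
    let rest = line.strip_prefix(key)?.trim_start().strip_prefix('=')?;
    Some(rest.trim().trim_matches('"'))
}

/// Return (name, version) for watched crates in Cargo.lock text that fall in an affected range.
fn scan_lockfile(lock: &str, watched: &[&str]) -> Vec<(String, String)> {
    let mut hits = Vec::new();
    let mut name: Option<&str> = None;
    for line in lock.lines().map(str::trim) {
        if let Some(n) = field(line, "name") {
            name = Some(n);
        } else if let Some(v) = field(line, "version") {
            // The top-level `version = 4` has no preceding name and is skipped.
            if let (Some(n), Some(parsed)) = (name, parse_version(v)) {
                if watched.contains(&n) && is_affected(parsed) {
                    hits.push((n.to_string(), v.to_string()));
                }
            }
        }
    }
    hits
}

// Constructed sample; crate names are assumptions, the page only names "core".
const SAMPLE_LOCK: &str = "version = 4\n\
[[package]]\nname = \"alloy-dyn-abi\"\nversion = \"0.8.25\"\n\
[[package]]\nname = \"alloy-core\"\nversion = \"1.4.1\"\n\
[[package]]\nname = \"serde\"\nversion = \"1.0.200\"\n";

fn main() {
    for (n, v) in scan_lockfile(SAMPLE_LOCK, &["alloy-core", "alloy-dyn-abi"]) {
        println!("affected: {n} {v}"); // serde is in range numerically but not watched
    }
}
```
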

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
