CVE-2021-25837

HIGH

Cosmos Network Ethermint <= v0.4.0 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-25837. PoCs published by iczc.

AI-analyzed exploit summary This repository provides a functional proof-of-concept for CVE-2021-25837, an issue in Ethermint. It includes a Docker setup to replicate the vulnerable environment and a script to configure the Ethermint CLI for testing the vulnerability.

Description

Cosmos Network Ethermint <= v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cache data will be discarded at EndBlock, it is still valid in the current block, which enables many possible attacks such as an "arbitrary mint token".

Exploits (1)

nomisec WORKING POC 3 stars
by iczc · poc
https://github.com/iczc/Ethermint-CVE-2021-25837

This repository provides a functional proof-of-concept for CVE-2021-25837, an issue in Ethermint. It includes a Docker setup to replicate the vulnerable environment and a script to configure the Ethermint CLI for testing the vulnerability.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Ethermint
No auth needed
Prerequisites: Docker environment · Ethermint CLI
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107

Scores

CVSS v3 7.5
EPSS 0.0155
EPSS Percentile 72.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
chainsafe/ethermint < 0.4.0
Published Feb 08, 2021
Tracked Since Feb 18, 2026