CVE-2025-24883

HIGH

go-ethereum <1.14.13 - DoS

Title source: llm

Description

go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.

References (2)

[Vendor Advisory] https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2

[Patch] https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f

View Patch ZIP pw:eip

Scores

CVSS v4 8.7

EPSS 0.0004

EPSS Percentile 11.0%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-248

Status published

Products (2)

ethereum/go-ethereum 1.14.0 - 1.14.13Go

ethereum/go-ethereum >= 1.14.0, < 1.14.13

Published Jan 30, 2025

Tracked Since Feb 18, 2026