CVE-2025-27105

CRITICAL

vyperlang/vyper < 0.4.1 - Out-of-bounds Write via DynArray AugAssign Statement

Title source: llm

Description

vyper is a Pythonic Smart Contract Language for the EVM. Vyper handles AugAssign statements by first caching the target location to avoid double evaluation. However, in the case when target is an access to a DynArray and the rhs modifies the array, the cached target will evaluate first, and the bounds check will not be re-evaluated during the write portion of the statement. This issue has been addressed in version 0.4.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

References (1)

Core 1

Core References

Exploit, Vendor Advisory x_refsource_confirm

https://github.com/vyperlang/vyper/security/advisories/GHSA-4w26-8p97-f4jp

Scores

CVSS v3 9.1

EPSS 0.0033

EPSS Percentile 55.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-787

Status published

Products (2)

pypi/vyper 0 - 0.4.1PyPI

vyperlang/vyper < 0.4.1

Published Feb 21, 2025

Tracked Since Feb 18, 2026