CVE-2025-27611
HIGH
base-x < 3.0.11, 4.0.0, 5.0.0 - Insufficient Visual Distinction of Homoglyphs
Title source: llm
Description
base-x is a base encoder and decoder of any given alphabet using Bitcoin-style leading zero compression. Versions 4.0.0, 5.0.0, and all versions prior to 3.0.11 are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p
Issue Tracking x_refsource_misc
https://github.com/cryptocoinjs/base-x/pull/86
Scores
CVSS v4
8.7
EPSS
0.0038
EPSS Percentile
59.4%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1007
Status
published
Products (4)
cryptocoinjs/base-x
< 3.0.11
cryptocoinjs/base-x
= 4.0.0
cryptocoinjs/base-x
= 5.0.0
npm/base-x
5.0.0 - 5.0.1 (npm)
Published
Apr 30, 2025
Tracked Since
Feb 18, 2026