CVE-2025-53638
MEDIUMVectorized solady 0.0.125-0.1.24 - Silent Initialization Failure via Proxy Deployment
Title source: llmDescription
Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return a `bool` or some other return data. This is because regular Solidity uses `extcodesize(proxy)` to decide if call succeeds. This is insufficient in the case when the proxy points to an empty implementation. Users should upgrade to Solady v0.1.24 or later to receive a patch. Deploy any affected implementations and their factories on new EVM chains as soon as possible.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Vectorized/solady/security/advisories/GHSA-8xvx-4mvg-m9v8
Release Notes x_refsource_misc
https://github.com/Vectorized/solady/releases/tag/v0.1.24
Scores
CVSS v4
6.9
EPSS
0.0030
EPSS Percentile
21.7%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (1)
Vectorized/solady
>= 0.0.125, < 0.1.24
Published
Jul 17, 2025
Tracked Since
Feb 18, 2026