CVE-2025-53638

MEDIUM

Solady <0.1.24 - Info Disclosure

Title source: llm

Description

Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular Solidity to call its initialization function may result in a silent failure, if the initialization function does not return a `bool` or some other return data. This is because regular Solidity uses `extcodesize(proxy)` to decide if call succeeds. This is insufficient in the case when the proxy points to an empty implementation. Users should upgrade to Solady v0.1.24 or later to receive a patch. Deploy any affected implementations and their factories on new EVM chains as soon as possible.

References (2)

[Vendor Advisory] https://github.com/Vectorized/solady/security/advisories/GHSA-8xvx-4mvg-m9v8

[Release Notes] https://github.com/Vectorized/solady/releases/tag/v0.1.24

Scores

CVSS v4 6.9

EPSS 0.0010

EPSS Percentile 26.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (1)

Vectorized/solady >= 0.0.125, < 0.1.24

Published Jul 17, 2025

Tracked Since Feb 18, 2026