CVE-2025-61595

HIGH

MANTRA-Chain mantrachain < 4.0.2 - Uncontrolled Resource Consumption via Send Hook Gas Limit Bypass

Title source: llm

Description

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://github.com/MANTRA-Chain/mantrachain/security/advisories/GHSA-qwvm-wqq8-8j69

Patch x_refsource_misc

https://github.com/MANTRA-Chain/mantrachain/commit/30d36c46e9823b56b8f0dcbb66e980ca5df284e4

View Patch ZIP pw:eip

Scores

CVSS v4 8.8

EPSS 0.0031

EPSS Percentile 21.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400 CWE-770

Status published

Products (3)

MANTRA-Chain/mantrachain 0 (3 CPE variants)Go

MANTRA-Chain/mantrachain 0 - 4.0.2Go

MANTRA-Chain/mantrachain < 4.0.2

Published Oct 02, 2025

Tracked Since Feb 18, 2026