GHSA-8pfh-j44r-f654: Cosmos EVM Vulnerability

October 21, 2025

Patches

Patched in versions v0.3.1, v0.4.2, and in the v0.5.0 release. More information will be disclosed at a later point to ensure chains have time to safely upgrade.

Workarounds

No workarounds for chains that make use of static or dynamic precompiles. Upgrading is strongly recommended.

Testing

Tests are introduced in every affected version.

Credits

Special thanks to @yihuang for the help on this issue.

References

github.com/advisories/GHSA-8pfh-j44r-f654
github.com/cosmos/evm
github.com/cosmos/evm/commit/79089feebe79ce1f35250ba457cbd436e6bfff8b
github.com/cosmos/evm/security/advisories/GHSA-8pfh-j44r-f654

Code Behaviors & Features

Detect and mitigate GHSA-8pfh-j44r-f654 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →