CVE-2025-24800

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-24800

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24800.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-24800

Aliases

GHSA-wwx5-gpgr-vxr7

Published

2025-01-28T15:41:43.461Z

Modified

2026-04-02T12:46:46.032500Z

Severity

9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Critical vulnerability in `ismp-grandpa` <v15.0.1

Details

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or compromise other kinds of cross-chain applications. This vulnerability is fixed in 15.0.1.

Database specific

{
    "cwe_ids": [
        "CWE-347",
        "CWE-670"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/24xxx/CVE-2025-24800.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/polytope-labs/hyperbridge

Affected ranges

Type

GIT

Repo

https://github.com/polytope-labs/hyperbridge

Events

Introduced

Fixed

f0e85db718f5165b06585a49b14a66f8ad643aea

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "15.0.1"
        }
    ]
}

Affected versions

crypto-utils-v0.*

crypto-utils-v0.1.0

crypto-utils-v0.2.0

Other

gargantua-v1700

gargantua-v2900

gargantua-v3100

gargantua-v3200

gargantua-v3300

gargantua-v3400

gargantua-v3500

gargantua-v3600

gargantua-v3700

gargantua-v3800

gargantua-v3900

gargantua-v4000

gargantua-v4100

nexus-2800

nexus-v1900

nexus-v2000

nexus-v2900

nexus-v3000

nexus-v3100

nexus-v3200

nexus-v3400

nexus-v3500

nexus-v3600

nexus-v3700

nexus-v3800

nexus-v3900

nexus-v4000

nexus-v4100

nexus-v5000

nexus-v5100

nexus-v5200

nexus-v5300

nexus-v5400

nexus-v5500

nexus-v5600

nexus-v5700

nexus-v5800

nexus-v5900

nexus-v6000

nexus-v6100

nexus-v6200

nexus-v6300

nexus-v6500

nexus-v6700

tesseract-consensus-fulu

tesseract-consensus-nofulu

grandpa-verifier-primitives-v0.*

grandpa-verifier-primitives-v0.2.0

grandpa-verifier-primitives-v1.*

grandpa-verifier-primitives-v1.0.0

grandpa-verifier-primitives-v2.*

grandpa-verifier-primitives-v2.0.0

grandpa-verifier-primitives-v2.1.0

grandpa-verifier-primitives-v2.2.0

grandpa-verifier-primitives-v2506.*

grandpa-verifier-primitives-v2506.0.0

grandpa-verifier-primitives-v2506.1.0

grandpa-verifier-primitives-v2512.*

grandpa-verifier-primitives-v2512.0.0

grandpa-verifier-v0.*

grandpa-verifier-v0.2.0

grandpa-verifier-v1.*

grandpa-verifier-v1.0.0

grandpa-verifier-v2.*

grandpa-verifier-v2.0.0

grandpa-verifier-v2.1.0

grandpa-verifier-v2.2.0

grandpa-verifier-v2506.*

grandpa-verifier-v2506.0.0

grandpa-verifier-v2506.1.0

grandpa-verifier-v2512.*

grandpa-verifier-v2512.0.0

hyperbridge-indexer-v1.*

hyperbridge-indexer-v1.4.0

hyperbridge-indexer-v1.4.1

hyperbridge-indexer-v1.4.4

hyperbridge-v0.*

hyperbridge-v0.4.5

hyperbridge-v0.4.6

hyperbridge-v0.4.7

hyperbridge-v0.5.0

hyperbridge-v0.5.2

hyperbridge-v0.6.0

hyperbridge-v0.6.2

hyperbridge-v0.6.3

hyperbridge-v1.*

hyperbridge-v1.0.0

hyperbridge-v1.1.0

hyperbridge-v1.2.0

hyperbridge-v1.3.0

hyperbridge-v1.4.0

hyperbridge-v1.4.1

hyperbridge-v1.4.2

ismp-grandpa-v1.*

ismp-grandpa-v1.15.2

ismp-grandpa-v1.15.3

ismp-grandpa-v1.15.4

ismp-grandpa-v15.*

ismp-grandpa-v15.0.0

ismp-grandpa-v16.*

ismp-grandpa-v16.0.0

ismp-grandpa-v2412.*

ismp-grandpa-v2412.0.0

ismp-grandpa-v2503.*

ismp-grandpa-v2503.0.0

ismp-grandpa-v2503.1.0

ismp-grandpa-v2503.1.1

ismp-grandpa-v2503.2.0

ismp-grandpa-v2506.*

ismp-grandpa-v2506.0.0

ismp-grandpa-v2506.1.0

ismp-grandpa-v2506.2.0

ismp-grandpa-v2512.*

ismp-grandpa-v2512.0.0

ismp-parachain-inherent-v1.*

ismp-parachain-inherent-v1.15.2

ismp-parachain-inherent-v1.15.3

ismp-parachain-inherent-v15.*

ismp-parachain-inherent-v15.0.0

ismp-parachain-inherent-v15.1.0

ismp-parachain-inherent-v16.*

ismp-parachain-inherent-v16.0.0

ismp-parachain-inherent-v16.1.0

ismp-parachain-inherent-v2412.*

ismp-parachain-inherent-v2412.0.0

ismp-parachain-inherent-v2503.*

ismp-parachain-inherent-v2503.0.0

ismp-parachain-inherent-v2503.1.0

ismp-parachain-inherent-v2503.2.0

ismp-parachain-inherent-v2506.*

ismp-parachain-inherent-v2506.0.0

ismp-parachain-inherent-v2506.1.0

ismp-parachain-inherent-v2506.1.1

ismp-parachain-inherent-v2512.*

ismp-parachain-inherent-v2512.0.0

ismp-parachain-runtime-api-v15.*

ismp-parachain-runtime-api-v15.0.0

ismp-parachain-runtime-api-v16.*

ismp-parachain-runtime-api-v16.0.0

ismp-parachain-runtime-api-v2412.*

ismp-parachain-runtime-api-v2412.0.0

ismp-parachain-runtime-api-v2503.*

ismp-parachain-runtime-api-v2503.0.0

ismp-parachain-runtime-api-v2503.1.0

ismp-parachain-runtime-api-v2503.2.0

ismp-parachain-runtime-api-v2506.*

ismp-parachain-runtime-api-v2506.0.0

ismp-parachain-runtime-api-v2512.*

ismp-parachain-runtime-api-v2512.0.0

ismp-parachain-v1.*

ismp-parachain-v1.15.2

ismp-parachain-v1.15.3

ismp-parachain-v15.*

ismp-parachain-v15.1.0

ismp-parachain-v16.*

ismp-parachain-v16.0.0

ismp-parachain-v16.1.0

ismp-parachain-v2412.*

ismp-parachain-v2412.0.0

ismp-parachain-v2503.*

ismp-parachain-v2503.0.0

ismp-parachain-v2503.1.0

ismp-parachain-v2503.1.1

ismp-parachain-v2503.2.0

ismp-parachain-v2503.3.0

ismp-parachain-v2506.*

ismp-parachain-v2506.0.0

ismp-parachain-v2506.1.0

ismp-parachain-v2506.2.0

ismp-parachain-v2506.3.0

ismp-parachain-v2512.*

ismp-parachain-v2512.0.0

ismp-v0.*

ismp-v0.2.2

ismp-v1.*

ismp-v1.0.0

ismp-v1.1.0

ismp-v1.2.1

ismp-v1.2.2

ismp-v2506.*

ismp-v2506.0.0

ismp-v2506.1.0

ismp-v2506.1.1

ismp-v2512.*

ismp-v2512.0.0

pallet-hyperbridge-v1.*

pallet-hyperbridge-v1.15.2

pallet-hyperbridge-v1.15.3

pallet-hyperbridge-v16.*

pallet-hyperbridge-v16.0.0

pallet-hyperbridge-v2412.*

pallet-hyperbridge-v2412.0.0

pallet-hyperbridge-v2503.*

pallet-hyperbridge-v2503.0.0

pallet-hyperbridge-v2503.1.0

pallet-hyperbridge-v2503.2.0

pallet-hyperbridge-v2506.*

pallet-hyperbridge-v2506.0.0

pallet-hyperbridge-v2506.1.0

pallet-hyperbridge-v2506.1.1

pallet-hyperbridge-v2512.*

pallet-hyperbridge-v2512.0.0

pallet-ismp-rpc-v1.*

pallet-ismp-rpc-v1.15.2

pallet-ismp-rpc-v1.15.3

pallet-ismp-rpc-v15.*

pallet-ismp-rpc-v15.0.0

pallet-ismp-rpc-v16.*

pallet-ismp-rpc-v16.0.0

pallet-ismp-rpc-v2412.*

pallet-ismp-rpc-v2412.0.0

pallet-ismp-rpc-v2503.*

pallet-ismp-rpc-v2503.0.0

pallet-ismp-rpc-v2503.1.0

pallet-ismp-rpc-v2503.2.0

pallet-ismp-rpc-v2506.*

pallet-ismp-rpc-v2506.0.0

pallet-ismp-rpc-v2506.1.0

pallet-ismp-rpc-v2512.*

pallet-ismp-rpc-v2512.0.0

pallet-ismp-runtime-api-v1.*

pallet-ismp-runtime-api-v1.15.2

pallet-ismp-runtime-api-v1.15.3

pallet-ismp-runtime-api-v15.*

pallet-ismp-runtime-api-v15.0.0

pallet-ismp-runtime-api-v16.*

pallet-ismp-runtime-api-v16.0.0

pallet-ismp-runtime-api-v2412.*

pallet-ismp-runtime-api-v2412.0.0

pallet-ismp-runtime-api-v2503.*

pallet-ismp-runtime-api-v2503.0.0

pallet-ismp-runtime-api-v2503.1.0

pallet-ismp-runtime-api-v2503.2.0

pallet-ismp-runtime-api-v2506.*

pallet-ismp-runtime-api-v2506.0.0

pallet-ismp-runtime-api-v2506.1.0

pallet-ismp-runtime-api-v2512.*

pallet-ismp-runtime-api-v2512.0.0

pallet-ismp-v1.*

pallet-ismp-v1.15.2

pallet-ismp-v1.15.3

pallet-ismp-v15.*

pallet-ismp-v15.1.0

pallet-ismp-v16.*

pallet-ismp-v16.0.0

pallet-ismp-v2412.*

pallet-ismp-v2412.0.0

pallet-ismp-v2503.*

pallet-ismp-v2503.0.0

pallet-ismp-v2503.1.0

pallet-ismp-v2503.2.0

pallet-ismp-v2506.*

pallet-ismp-v2506.0.0

pallet-ismp-v2506.1.0

pallet-ismp-v2512.*

pallet-ismp-v2512.0.0

pallet-token-gateway-v1.*

pallet-token-gateway-v1.15.2

pallet-token-gateway-v1.15.3

pallet-token-gateway-v15.*

pallet-token-gateway-v15.0.0

pallet-token-gateway-v15.1.0

pallet-token-gateway-v15.1.1

pallet-token-gateway-v16.*

pallet-token-gateway-v16.0.0

pallet-token-gateway-v2412.*

pallet-token-gateway-v2412.0.0

pallet-token-gateway-v2503.*

pallet-token-gateway-v2503.0.0

pallet-token-gateway-v2503.1.0

pallet-token-gateway-v2503.1.1

pallet-token-gateway-v2503.2.0

pallet-token-gateway-v2506.*

pallet-token-gateway-v2506.0.0

pallet-token-gateway-v2506.1.0

pallet-token-gateway-v2506.2.0

pallet-token-gateway-v2512.*

pallet-token-gateway-v2512.0.0

polyhedron-v1.*

polyhedron-v1.5.0

sdk-v1.*

sdk-v1.8.0

sdk-v1.8.2

sdk-v1.8.8

simplex-v0.*

simplex-v0.1.0

simplex-v0.2.0

simplex-v0.3.0

substrate-state-machine-v1.*

substrate-state-machine-v1.15.2

substrate-state-machine-v1.15.3

substrate-state-machine-v16.*

substrate-state-machine-v16.0.0

substrate-state-machine-v2412.*

substrate-state-machine-v2412.0.0

substrate-state-machine-v2503.*

substrate-state-machine-v2503.0.0

substrate-state-machine-v2503.1.0

substrate-state-machine-v2503.2.0

substrate-state-machine-v2506.*

substrate-state-machine-v2506.0.0

substrate-state-machine-v2506.1.0

substrate-state-machine-v2512.*

substrate-state-machine-v2512.0.0

tesseract-consensus-v1.*

tesseract-consensus-v1.0.0

tesseract-consensus-v1.0.1

tesseract-consensus-v1.2.0

tesseract-consensus-v1.2.1

tesseract-consensus-v1.2.2

tesseract-consensus-v1.2.3

tesseract-consensus-v1.2.4

tesseract-consensus-v1.2.5

tesseract-consensus-v1.2.6

tesseract-consensus-v1.2.7

tesseract-consensus-v1.2.8

tesseract-consensus-v1.2.9

tesseract-consensus-v1.3.0

tesseract-consensus-v1.4.1

tesseract-consensus-v1.5.0

tesseract-consensus-v1.6.0

tesseract-v0.*

tesseract-v0.3.2

tesseract-v0.3.3

tesseract-v0.3.4

tesseract-v0.3.5

tesseract-v0.3.6

tesseract-v0.3.7

tesseract-v0.6.0

tesseract-v0.7.0

tesseract-v0.8.0

tesseract-v1.*

tesseract-v1.0.0

tesseract-v1.0.1

tesseract-v1.0.2

tesseract-v1.1.0

tesseract-v1.1.1

tesseract-v1.1.2

tesseract-v1.1.3

tesseract-v1.1.4

tesseract-v1.1.5

tesseract-v1.1.6

tesseract-v1.1.7

tesseract-v1.1.8

tesseract-v1.1.9

tesseract-v1.2.0

tesseract-v1.2.1

tesseract-v1.3.1

tesseract-v1.3.2

tesseract-v1.4.0

tesseract-v1.5.0

tesseract-v1.6.0

token-gateway-primitives-v1.*

token-gateway-primitives-v1.15.2

token-gateway-primitives-v1.15.3

token-gateway-primitives-v15.*

token-gateway-primitives-v15.0.0

token-gateway-primitives-v16.*

token-gateway-primitives-v16.0.0

token-gateway-primitives-v2412.*

token-gateway-primitives-v2412.0.0

token-gateway-primitives-v2503.*

token-gateway-primitives-v2503.0.0

token-gateway-primitives-v2503.1.0

token-gateway-primitives-v2503.2.0

token-gateway-primitives-v2506.*

token-gateway-primitives-v2506.0.0

token-gateway-primitives-v2506.1.0

token-gateway-primitives-v2512.*

token-gateway-primitives-v2512.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24800.json"