CVE-2025-24883
CVE-2025-24883 is a high-severity vulnerability with a CVSS 4.0 base score of 8.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-248.
Key facts
- Severity: High (CVSS 4.0 base score 8.7)
- EPSS exploit prediction: 1% (48th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-0184
- Weakness: CWE-248
- Published:
- Last modified:
Description
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.
Frequently asked questions
- What is CVE-2025-24883?
- go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.14.13.
- How severe is CVE-2025-24883?
- CVE-2025-24883 has a CVSS 4.0 base score of 8.7, rated high severity.
- Is CVE-2025-24883 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (48th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-24883?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- Does CVE-2025-24883 have an EU (EUVD) identifier?
- Yes. CVE-2025-24883 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-0184.
- When was CVE-2025-24883 published?
- CVE-2025-24883 was published on 2025-01-30 and last updated on 2026-06-17.
References
- https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f
- https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2
Other CWE-248 vulnerabilities
- CVE-2018-11466 — Critical (CVSS 9.8): A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions),…
- CVE-2024-42037 — Critical (CVSS 9.3): Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may…
- CVE-2025-53620 — Critical (CVSS 9.2): @builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the…
- CVE-2026-46689 — High (CVSS 8.7): Kanidm is an identity management platform. Prior to version 1.9.3, a single unauthenticated GET to any /scim/v1/...…
- CVE-2026-9509 — High (CVSS 8.7): An unhandled exception in Suprema BioStar 2 (Server), versions 2.9.8, 2.9.10, and 2.9.11, that allows an…
- CVE-2025-9124 — High (CVSS 8.7): A denial-of-service security issue in the affected product. The security issue stems from a fault occurring when a…