CVE-2025-53359

CVE-2025-53359 is a medium-severity vulnerability with a CVSS 4.0 base score of 6.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.

Key facts

Description

ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and not as high of a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate, however upgrading is recommended.

Frequently asked questions

What is CVE-2025-53359?
ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and not as high of a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate, however upgrading is recommended.
How severe is CVE-2025-53359?
CVE-2025-53359 has a CVSS 4.0 base score of 6.9, rated medium severity.
Is CVE-2025-53359 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (27th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2025-53359?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
Does CVE-2025-53359 have an EU (EUVD) identifier?
Yes. CVE-2025-53359 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-19744.
When was CVE-2025-53359 published?
CVE-2025-53359 was published on 2025-07-02 and last updated on 2026-06-17.

References

Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities

Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →