CVE-2025-53359
CVE-2025-53359 is a medium-severity vulnerability with a CVSS 4.0 base score of 6.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-754.
Key facts
- Severity: Medium (CVSS 4.0 base score 6.9)
- EPSS exploit prediction: 0% (27th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-19744
- Weakness: CWE-754
- Published:
- Last modified:
Description
ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and not as high of a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate, however upgrading is recommended.
Frequently asked questions
- What is CVE-2025-53359?
- ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability (according to EIP-2) was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is not a security issue and not as high of a risk if the ethereum crate is used on a single-implementation blockchain. This issue has been patched in version v0.18.0. A workaround for this issue involves manually checking transaction malleability outside of the crate, however upgrading is recommended.
- How severe is CVE-2025-53359?
- CVE-2025-53359 has a CVSS 4.0 base score of 6.9, rated medium severity.
- Is CVE-2025-53359 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (27th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-53359?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-53359 have an EU (EUVD) identifier?
- Yes. CVE-2025-53359 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-19744.
- When was CVE-2025-53359 published?
- CVE-2025-53359 was published on 2025-07-02 and last updated on 2026-06-17.
References
- https://github.com/rust-ethereum/ethereum/commit/2dd9d1d5d0936ec7350093ff3a5a7169a349db77
- https://github.com/rust-ethereum/ethereum/pull/67
- https://github.com/rust-ethereum/ethereum/security/advisories/GHSA-3w94-vq2x-v5wr
Other CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities
- CVE-2026-24054 — Critical (CVSS 10.0): Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs)…
- CVE-2021-0211 — Critical (CVSS 10.0): An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Routing…
- CVE-2026-8091 — Critical (CVSS 9.8): Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150,…
- CVE-2024-52316 — Critical (CVSS 9.8): Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta…
- CVE-2024-7826 — Critical (CVSS 9.8): Improper Check for Unusual or Exceptional Conditions vulnerability in Webroot SecureAnywhere - Web Shield on Windows,…
- CVE-2023-37303 — Critical (CVSS 9.8): An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to…
Browse all CWE-754 (Improper Check for Unusual or Exceptional Conditions) vulnerabilities →