CVE-2025-59941
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-59941, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-09-29

Last updated on: 2025-10-18

Assigner: GitHub, Inc.

Description

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-09-29
Last Modified
2025-10-18
Generated
2026-07-06
AI Q&A
2025-09-30
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
filecoin go-f3 to 0.8.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in go-f3 versions 0.8.8 and below involves the justification verification caching mechanism. It caches verification results without properly considering the context of the message. This allows an attacker to bypass justification verification by submitting a valid message with a correct justification and then reusing the cached justification in contexts where it would normally be invalid, due to improper validation of the relationship between the justification and the specific message context.

Impact Analysis

This vulnerability can impact you by allowing an attacker to bypass the justification verification process, potentially leading to unauthorized or invalid messages being accepted. This can compromise the integrity of the system, causing incorrect or malicious data to be processed, which may affect system reliability and trustworthiness.

Mitigation Strategies

Upgrade go-f3 to version 0.8.9 or later, where the justification verification caching vulnerability is fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59941. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart