CVE-2025-59941
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-18

Assigner: GitHub, Inc.

Description
go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by submitting a valid message with a correct justification and then reusing the same cached justification in contexts where it would normally be invalid. This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with. This issue is fixed in version 0.8.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-29
Last Modified
2025-10-18
Generated
2026-06-16
AI Q&A
2025-09-30
EPSS Evaluated
2026-06-15
NVD
CVE-2025-59941
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
filecoin go-f3 to 0.8.9 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-305 The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in go-f3 versions 0.8.8 and below involves the justification verification caching mechanism. It caches verification results without properly considering the context of the message. This allows an attacker to bypass justification verification by submitting a valid message with a correct justification and then reusing the cached justification in contexts where it would normally be invalid, due to improper validation of the relationship between the justification and the specific message context.

Impact Analysis

This vulnerability can impact you by allowing an attacker to bypass the justification verification process, potentially leading to unauthorized or invalid messages being accepted. This can compromise the integrity of the system, causing incorrect or malicious data to be processed, which may affect system reliability and trustworthiness.

Mitigation Strategies

Upgrade go-f3 to version 0.8.9 or later, where the justification verification caching vulnerability is fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59941. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart