CVE-2025-59941
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-10-18
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| filecoin | go-f3 | up to 0.8.9 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-305 | The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in go-f3 versions 0.8.8 and below involves the justification verification caching mechanism. It caches verification results without properly considering the context of the message. This allows an attacker to bypass justification verification by submitting a valid message with a correct justification and then reusing the cached justification in contexts where it would normally be invalid, due to improper validation of the relationship between the justification and the specific message context.
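The cache-key flaw described in the answer above, as an added Go example that is not go-f3's own code: it compares a result cache keyed on the justification alone with one keyed on the justification plus the message context. The types, the `bindContext` switch and the instance/round notion of "context" are hypothetical, and the sample values are constructed.

```go
package main

import "fmt"

// Hypothetical, simplified types (not go-f3's own). "Context" is modelled as
// an instance/round pair, which is an assumption of this example.
type Justification struct {
	Instance, Round uint64
	Signature       string // stands in for an aggregate signature
}
type Message struct {
	Instance, Round uint64
	Just            Justification
}
// verify is the full check: sound signature AND matching message context.
func verify(m Message) error {
	if m.Just.Signature != "valid" || m.Just.Instance != m.Instance || m.Just.Round != m.Round {
		return fmt.Errorf("justification not valid for instance %d round %d", m.Instance, m.Round)
	}
	return nil
}

type Validator struct {
	cache       map[string]bool
	bindContext bool // false: key on justification only (flawed); true: hardened
}
func (v *Validator) Validate(m Message) error {
	key := fmt.Sprintf("%d|%d|%s", m.Just.Instance, m.Just.Round, m.Just.Signature)
	if v.bindContext { // hardened: the message context is part of the key
		key = fmt.Sprintf("%d|%d|", m.Instance, m.Round) + key
	}
	if v.cache[key] {
		return nil // cache hit: verify is skipped entirely
	}
	err := verify(m)
	v.cache[key] = err == nil // only successful verifications count as hits
	return err
}

// reuse checks a matching message, then another instance's message with the same justification.
func reuse(bindContext bool) (first, second error) {
	v := &Validator{cache: map[string]bool{}, bindContext: bindContext}
	j := Justification{5, 1, "valid"} // constructed sample values
	return v.Validate(Message{5, 1, j}), v.Validate(Message{6, 1, j})
}

func main() {
	fmt.Println(reuse(false)) // flawed key
	fmt.Println(reuse(true))  // hardened key
}
```

With the justification-only key the second message is accepted from the cache without `verify` ever running; with the context-bound key it misses the cache and fails verification.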
How can this vulnerability impact me?
This vulnerability can impact you by allowing an attacker to bypass the justification verification process, potentially leading to unauthorized or invalid messages being accepted. This can compromise the integrity of the system, causing incorrect or malicious data to be processed, which may affect system reliability and trustworthiness.
What immediate steps should I take to mitigate this vulnerability?
Upgrade go-f3 to version 0.8.9 or later, where the justification verification caching vulnerability is fixed.