{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-54429", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-21T23:18:10.282Z", "datePublished": "2025-07-28T20:34:56.710Z", "dateUpdated": "2025-07-28T20:46:59.149Z"}, "containers": {"cna": {"title": "Polkadot Frontier's constructing smart contract can bypass precompile address bounding", "problemTypes": [{"descriptions": [{"cweId": "CWE-704", "lang": "en", "description": "CWE-704: Incorrect Type Conversion or Cast", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-fr62-ppwc-mc2h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-fr62-ppwc-mc2h"}, {"name": "https://github.com/polkadot-evm/frontier/pull/1655", "tags": ["x_refsource_MISC"], "url": "https://github.com/polkadot-evm/frontier/pull/1655"}, {"name": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf", "tags": ["x_refsource_MISC"], "url": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf"}], "affected": [{"vendor": "polkadot-evm", "product": "frontier", "versions": [{"version": "< 0822030", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-28T20:34:56.710Z"}, "descriptions": [{"lang": "en", "value": "Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030."}], "source": {"advisory": "GHSA-fr62-ppwc-mc2h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-28T20:46:45.907352Z", "id": "CVE-2025-54429", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T20:46:59.149Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54429", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-28T20:46:45.907352Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-28T20:46:50.346Z"}}], "cna": {"title": "Polkadot Frontier's constructing smart contract can bypass precompile address bounding", "source": {"advisory": "GHSA-fr62-ppwc-mc2h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "polkadot-evm", "product": "frontier", "versions": [{"status": "affected", "version": "< 0822030"}]}], "references": [{"url": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-fr62-ppwc-mc2h", "name": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-fr62-ppwc-mc2h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/polkadot-evm/frontier/pull/1655", "name": "https://github.com/polkadot-evm/frontier/pull/1655", "tags": ["x_refsource_MISC"]}, {"url": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf", "name": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-704", "description": "CWE-704: Incorrect Type Conversion or Cast"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-28T20:34:56.710Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54429", "state": "PUBLISHED", "dateUpdated": "2025-07-28T20:46:59.149Z", "dateReserved": "2025-07-21T23:18:10.282Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-28T20:34:56.710Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for safety. For precompiles to be callable by smart contracts they must be explicitly configured as CallableByContract. If this configuration is absent, then the precompile should be unreachable via smart contract accounts. In commits prior to 0822030, the underlying implementation of CallableByContract which returned the AddressType was incorrect. It considered the contract address running under CREATE or CREATE2 to be AddressType::EOA rather than correctly as AddressType::Contract. The issue only affects users who use custom precompile implementations that utilize AddressType::EOA and AddressType::Contract. It's not directly exploitable in any of the predefined precompiles in Frontier. This is fixed in version 0822030."}, {"lang": "es", "value": "Polkadot Frontier es una capa de compatibilidad con Ethereum y EVM para Polkadot y Substrate. Existen varios tipos de direcciones de cuenta en Frontier, como contratos precompilados, contratos inteligentes y cuentas externas. Por seguridad, algunos mecanismos de EVM deber\u00edan ser inaccesibles para ciertos tipos de cuentas. Para que las precompilaciones sean invocables por contratos inteligentes, deben configurarse expl\u00edcitamente como CallableByContract. Si esta configuraci\u00f3n no est\u00e1 presente, la precompilaci\u00f3n deber\u00eda ser inaccesible a trav\u00e9s de cuentas de contratos inteligentes. En commits anteriores a la 0822030, la implementaci\u00f3n subyacente de CallableByContract que devolv\u00eda el tipo de direcci\u00f3n era incorrecta. Consideraba que la direcci\u00f3n del contrato que se ejecutaba bajo CREATE o CREATE2 era AddressType::EOA en lugar de la correcta AddressType::Contract. El problema solo afecta a los usuarios que usan implementaciones de precompilaci\u00f3n personalizadas que utilizan AddressType::EOA y AddressType::Contract. No se puede explotar directamente en ninguna de las precompilaciones predefinidas de Frontier. Esto se solucion\u00f3 en la versi\u00f3n 0822030."}], "id": "CVE-2025-54429", "lastModified": "2025-07-29T14:14:29.590", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-28T21:15:27.647", "references": [{"source": "[email protected]", "url": "https://dotpal.io/assets/files/frontier-srlabs-2505-718c3bfa5df9fed1862fed05de506859.pdf"}, {"source": "[email protected]", "url": "https://github.com/polkadot-evm/frontier/pull/1655"}, {"source": "[email protected]", "url": "https://github.com/polkadot-evm/frontier/security/advisories/GHSA-fr62-ppwc-mc2h"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}], "source": "[email protected]", "type": "Primary"}]}

{}