CVE-2021-25835

7.5 HIGH

📋 TL;DR

Cosmos Network Ethermint versions up to v0.4.0 have a cross-chain transaction replay vulnerability in the EVM module. This allows attackers to replay valid Ethereum transactions on Ethermint networks, potentially enabling unauthorized fund transfers or contract interactions. Anyone running vulnerable Ethermint nodes is affected.

💻 Affected Systems

Products:
  • Cosmos Network Ethermint
Versions: <= v0.4.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using Ethermint EVM module with default configuration are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could drain funds from accounts by replaying legitimate Ethereum transactions on Ethermint networks, potentially causing significant financial losses.

🟠 Likely Case

Unauthorized transaction replay leading to asset theft or unauthorized smart contract interactions on Ethermint-based networks.

🟢 If Mitigated

With proper patching, the vulnerability is eliminated by implementing chain-specific transaction signatures.

🌐 Internet-Facing: HIGH - Ethermint nodes are typically internet-facing blockchain nodes that process transactions from any source.
🏢 Internal Only: LOW - This vulnerability specifically affects cross-chain transaction processing, which requires external transaction sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires understanding of both Ethereum and Ethermint transaction structures, but no authentication is needed to submit transactions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.4.1 and later

Vendor Advisory: https://github.com/cosmos/ethermint/issues/687

Restart Required: Yes

Instructions:

1. Update Ethermint to v0.4.1 or later.
2. Restart all Ethermint nodes.
3. Verify the fix by checking transaction signatures are now chain-specific.

🔧 Temporary Workarounds

Transaction validation middleware (all platforms)

Implement custom transaction validation to reject transactions with Ethereum chainID signatures

Custom implementation required - no standard commands

🧯 If You Can't Patch

  • Monitor for suspicious transaction replays between Ethereum and Ethermint networks
  • Implement rate limiting on transaction processing to detect unusual patterns

🔍 How to Verify

Check if Vulnerable:

Check Ethermint version: if <= v0.4.0, system is vulnerable

Check Version:

ethermint version

Verify Fix Applied:

Verify Ethermint version is >= v0.4.1 and test that transactions with Ethereum chainID are rejected
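
The chain ID check that the validation workaround and the fix verification above both rely on, as an added Go example (not Ethermint's own code): under EIP-155 a legacy transaction's signature value v encodes the chain ID as v = chainID*2 + 35 or 36, so a validator can recover it and refuse anything not bound to the local chain. The function and error names are hypothetical, and the local chain ID 9000 is a constructed value.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Errors returned by CheckChainID (hypothetical names, not Ethermint's API).
var (
	ErrUnprotected = errors.New("legacy signature (v=27/28) carries no chain ID")
	ErrWrongChain  = errors.New("signature is bound to a different chain ID")
	ErrBadV        = errors.New("v is not a valid legacy or EIP-155 value")
)

// ChainIDFromV recovers the chain ID that EIP-155 folds into a legacy
// transaction's v value: v = chainID*2 + 35 or chainID*2 + 36.
func ChainIDFromV(v *big.Int) (*big.Int, error) {
	if v.Cmp(big.NewInt(27)) == 0 || v.Cmp(big.NewInt(28)) == 0 {
		return nil, ErrUnprotected // replayable on any chain, so refuse it
	}
	if v.Cmp(big.NewInt(35)) < 0 {
		return nil, ErrBadV // below 27 or in 29..34: not a defined encoding
	}
	id := new(big.Int).Sub(v, big.NewInt(35))
	return id.Rsh(id, 1), nil // floor((v-35)/2)
}

// CheckChainID rejects any transaction whose signature is not bound to the
// local chain, including ones signed for Ethereum mainnet (chain ID 1).
func CheckChainID(v, localChainID *big.Int) error {
	id, err := ChainIDFromV(v)
	if err != nil {
		return err
	}
	if id.Cmp(localChainID) != 0 {
		return fmt.Errorf("%w: got %s, want %s", ErrWrongChain, id, localChainID)
	}
	return nil
}

func main() {
	local := big.NewInt(9000) // constructed local chain ID for this example
	for _, v := range []int64{37, 38, 27, 18035, 18036} { // constructed v values
		fmt.Printf("v=%d -> %v\n", v, CheckChainID(big.NewInt(v), local))
	}
}
```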

📡 Detection & Monitoring

Log Indicators:

  • Multiple identical transactions from different chain origins
  • Transaction signature validation failures for cross-chain transactions

Network Indicators:

  • Unusual transaction patterns matching Ethereum mainnet activity
  • Cross-chain transaction attempts

SIEM Query:

transaction.source_chain != current_chain AND transaction.signature_valid = true
