CVE-2025-59942

7.5 HIGH

📋 TL;DR

CVE-2025-59942 is an integer overflow vulnerability in go-f3's message validation that causes Filecoin nodes to panic and crash when processing specially crafted 'poison' messages. This affects all Filecoin nodes using go-f3 versions 0.8.6 and below for F3 consensus. Attackers can cause denial of service by sending malicious messages directly to vulnerable nodes.

💻 Affected Systems

Products:
  • go-f3 (Filecoin Fast Finality implementation)
Versions: 0.8.6 and below
Operating Systems: All platforms running go-f3
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Filecoin nodes configured to use F3 consensus with go-f3 library.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sustained denial of service attacks could crash multiple Filecoin nodes, disrupting blockchain consensus and network availability.

🟠 Likely Case

Targeted nodes crash and restart, causing temporary service disruption until messages are cleared or patched.

🟢 If Mitigated

With proper network controls, only authorized nodes can send messages, limiting attack surface to trusted participants.

🌐 Internet-Facing: MEDIUM - Attack requires direct message delivery to targets, but internet-facing nodes are accessible for such attacks.
🏢 Internal Only: LOW - Internal nodes are less exposed unless attacker has internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires crafting specific 'poison' messages with signer index causing integer overflow. No authentication needed but requires direct message delivery to each target.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.8.7

Vendor Advisory: https://github.com/filecoin-project/go-f3/security/advisories/GHSA-g99p-47x7-mq88

Restart Required: Yes

Instructions:

1. Update the go-f3 dependency to version 0.8.7 or higher.
2. Rebuild and redeploy the Filecoin node software.
3. Restart all affected nodes.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Restrict F3 message traffic to trusted nodes only using firewall rules.

🧯 If You Can't Patch

  • Implement strict network ACLs to allow F3 messages only from trusted consensus participants
  • Monitor for node crashes and restart automatically with process supervision

🔍 How to Verify

Check if Vulnerable:

Check go-f3 version in your Filecoin node dependencies. If using version 0.8.6 or below, you are vulnerable.

Check Version:

Check your go.mod file for the version pinned for 'github.com/filecoin-project/go-f3', or run 'go list -m github.com/filecoin-project/go-f3' in the node's module directory.

Verify Fix Applied:

Verify go-f3 dependency is updated to 0.8.7 or higher in your build configuration.
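As an added example (not code from the advisory or from the go-f3 project), the following Go program turns the version check above into something a node operator can run against a go.mod file or the output of 'go list -m': it extracts the pinned go-f3 version and compares it against the patch version 0.8.7. The go.mod text embedded in it is constructed for illustration and is not taken from any real node.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module path of the affected library, as named in the advisory.
const GoF3Module = "github.com/filecoin-project/go-f3"

// FixedVersion is the first go-f3 release that carries the fix (patch version 0.8.7).
const FixedVersion = "v0.8.7"

// sampleGoMod is a constructed go.mod fragment used only to exercise the check;
// it is not taken from any real Filecoin node.
const sampleGoMod = `module example.com/filecoin-node

go 1.22

require (
	github.com/filecoin-project/go-f3 v0.8.6
	github.com/ipfs/go-cid v0.4.1 // indirect
)
`

// parseSemver splits "v0.8.6" (leading "v" optional) into major.minor.patch and
// returns any pre-release suffix ("rc1" in "v0.8.7-rc1") separately.
func parseSemver(v string) (nums [3]int, prerelease string, err error) {
	v = strings.TrimPrefix(v, "v")
	// Build metadata ("+incompatible") never affects precedence; drop it.
	if i := strings.Index(v, "+"); i >= 0 {
		v = v[:i]
	}
	if i := strings.Index(v, "-"); i >= 0 {
		prerelease = v[i+1:]
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return nums, "", fmt.Errorf("unexpected version format %q", v)
	}
	for i, p := range parts {
		n, convErr := strconv.Atoi(p)
		if convErr != nil {
			return nums, "", fmt.Errorf("non-numeric component %q in %q", p, v)
		}
		nums[i] = n
	}
	return nums, prerelease, nil
}

// compareVersions returns -1, 0 or 1 as a is below, equal to, or above b.
func compareVersions(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// IsVulnerable reports whether a go-f3 version is at or below 0.8.6.
// A pre-release of the fixed version (e.g. v0.8.7-rc1) sorts below v0.8.7 in
// semver and is treated as vulnerable; only a release at or above 0.8.7 counts as fixed.
func IsVulnerable(version string) (bool, error) {
	got, pre, err := parseSemver(version)
	if err != nil {
		return false, err
	}
	fixed, _, _ := parseSemver(FixedVersion)
	switch compareVersions(got, fixed) {
	case -1:
		return true, nil
	case 0:
		return pre != "", nil
	default:
		return false, nil
	}
}

// GoF3VersionFrom extracts the go-f3 version from go.mod text or from the
// output of `go list -m github.com/filecoin-project/go-f3`; both place the
// version token right after the module path. Returns "" if the module is absent.
func GoF3VersionFrom(text string) string {
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		for i, f := range fields {
			// A "replace ... => ..." directive puts "=>" after the path; skip it,
			// because a replaced module must be checked at its replacement instead.
			if f == GoF3Module && i+1 < len(fields) && strings.HasPrefix(fields[i+1], "v") {
				return fields[i+1]
			}
		}
	}
	return ""
}

func main() {
	v := GoF3VersionFrom(sampleGoMod)
	vuln, err := IsVulnerable(v)
	if err != nil {
		fmt.Println("could not determine go-f3 version:", err)
		return
	}
	fmt.Printf("go-f3 %s vulnerable to CVE-2025-59942: %v\n", v, vuln)
}
```

To check a live tree, feed the contents of the node's go.mod or the line printed by 'go list -m github.com/filecoin-project/go-f3' into GoF3VersionFrom; a result of "" means go-f3 is not a direct or listed dependency and the check has to be repeated at whatever module replaces or vendors it.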

📡 Detection & Monitoring

Log Indicators:

  • Node panic logs mentioning go-f3 validation
  • Unexpected node restarts/crashes during consensus

Network Indicators:

  • Unusual F3 message patterns from untrusted sources
  • Spike in malformed message rejections

SIEM Query:

Process crashes with 'panic' AND (component contains 'go-f3' OR 'F3')
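The SIEM rule above hinges on grouping: in most query languages AND binds tighter than OR, so written without parentheses, 'panic AND go-f3 OR F3' fires on every line that merely mentions F3. As an added example (not part of the advisory, using constructed log lines that do not reproduce real Lotus or go-f3 output), this Go snippet implements the intended grouped predicate and shows how the ungrouped reading over-matches.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample log lines (not real node output) used to exercise the rule.
var sampleLogLines = []string{
	"2025-10-01T12:00:01Z ERROR go-f3 validation: panic while processing message",
	"2025-10-01T12:00:05Z INFO  F3 participant ready",
	"2025-10-01T12:00:09Z ERROR storage: panic recovered in sector scheduler",
	"2025-10-01T12:00:12Z WARN  F3 validation: message rejected as malformed",
}

// MatchesCrashRule applies the advisory's SIEM logic with explicit grouping:
// 'panic' AND ('go-f3' OR 'F3').
func MatchesCrashRule(line string) bool {
	return strings.Contains(line, "panic") &&
		(strings.Contains(line, "go-f3") || strings.Contains(line, "F3"))
}

// MatchesUngroupedRule is what the same text means when AND binds tighter than
// OR and no parentheses are given: ('panic' AND 'go-f3') OR 'F3'.
func MatchesUngroupedRule(line string) bool {
	return (strings.Contains(line, "panic") && strings.Contains(line, "go-f3")) ||
		strings.Contains(line, "F3")
}

// Filter returns the lines for which pred holds.
func Filter(lines []string, pred func(string) bool) []string {
	var out []string
	for _, l := range lines {
		if pred(l) {
			out = append(out, l)
		}
	}
	return out
}

func main() {
	fmt.Println("grouped rule matches:", len(Filter(sampleLogLines, MatchesCrashRule)))
	fmt.Println("ungrouped rule matches:", len(Filter(sampleLogLines, MatchesUngroupedRule)))
	for _, l := range Filter(sampleLogLines, MatchesCrashRule) {
		fmt.Println("crash indicator:", l)
	}
}
```

On the sample lines the grouped rule flags only the go-f3 panic, while the ungrouped reading also flags the two routine F3 informational lines; when porting the rule into a SIEM, keep the parentheses (or the equivalent nesting) so that 'panic' remains a required term.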
