GO-2025-3989 go-f3 Vulnerable to Cached Justification Verification Bypass in github.com/filecoin-project/go-f3

go-f3 Vulnerable to Cached Justification Verification Bypass in github.com/filecoin-project/go-f3...

CVE-2025-59941 go-f3 is Vulnerable to Cached Justification Verification Bypass

go-f3 is a Golang implementation of Fast Finality for Filecoin F3. In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass...

CVE-2025-59941

go-f3 (Filecoin Fast Finality, a Go implementation) contains a vulnerability in its justification verification caching in versions ≤ 0.8.8, where cached results are not context-aware, allowing an attacker to reuse a valid justification in an invalid message context. The issue is fixed in version ...

GHSA-7PQ9-RF9P-WCRF go-f3 Vulnerable to Cached Justification Verification Bypass

Description A vulnerability exists in go-f3's justification verification caching mechanism where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by: 1. First submitting a valid message with a correct...