
19 matches found

CVE
added 2026/05/14 2:31 p.m. | 11 views

CVE-2025-62625

CVE-2025-62625 concerns improper privilege management in the KVM key download component, enabling token swapping to obtain sensitive keys and potentially access privileged resources. The NVD/CVE records describe impact to confidentiality with CVSS v4.0 base metrics: Attack Vector NETWORK, Attack ...

CVSS 6 | AI score 5.8 | EPSS 0.0017
Exploits 0 | References 1

ATTACKERKB
added 2026/05/14 2:31 p.m. | 4 views

CVE-2025-62625

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality...

CVSS 6 | AI score 5.8 | EPSS 0.0017
Exploits 0 | References 2

vulnersOsv
added 2024/12/23 7:29 p.m. | 5 views

rcc-solana (=0.1.0) potentially affected by unknown CVE via spl-token-swap (=3.0.0)

spl-token-swap CARGO version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on spl-token-swap and may be impacted: - rcc-solana =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-H6XM-C6R4-VMWF...

AI score 5.8
Exploits 0

OSV
added 2024/12/23 7:29 p.m. | 0 views

GHSA-H6XM-C6R4-VMWF Unsound usages of `u8` type casting in spl-token-swap

The library provides a safe public API unpack to cast a u8 array to arbitrary types, which can cause undefined behavior. The length check on the array can only prevent out-of-bounds access on the return type. However, it can't prevent a misaligned pointer when casting a u8 pointer to a type aligned to...

AI score 6
Exploits 0 | References 3

vulnersOsv
added 2024/12/19 12:0 p.m. | 3 views

rcc-solana (=0.1.0) potentially affected by unknown CVE via spl-token-swap (=3.0.0)

spl-token-swap CARGO version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on spl-token-swap and may be impacted: - rcc-solana =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0426...

AI score 5.8
Exploits 0

Code423n4
added 2023/08/28 12:0 a.m. | 10 views

Missing slippage protection in _swap()

Lines of code Vulnerability details Impact Without slippage, If the price of the tokens changes significantly during the swap, it could result in a large slippage, causing users to lose a significant amount of funds. An attacker can watch the mempool and then using flash bots execute a sandwich...

AI score 7
Exploits 0

Code423n4
added 2023/07/10 12:0 a.m. | 14 views

Users can swap tokens through shift() function without _updatePumps()

Lines of code Vulnerability details Impact Any user can swap tokens just transferring tokens to the contract in a batch with calling shift function. The problem is that the shift doesn't call the updatePumps function which update oracle. This way attackers can exploit this vulnerability to...

AI score 6.5
Exploits 0

Code423n4
added 2023/07/05 12:0 a.m. | 8 views

User may get less tokens than expected when collateral list order changes

Lines of code Vulnerability details Impact The order of ts.collateralList is not stable: Whenever LibSetters.revokeCollateral is used to revoke a collateral, it may change because of the swap that is performed. However, the function Redeemer.redeem relies on this order, as the user has to provide...

AI score 6.7
Exploits 0

Code423n4
added 2023/05/22 12:0 a.m. | 12 views

Anyone can front-run didPay calling payParams to grief swaps and mints

Lines of code Vulnerability details Impact The payParams function in the IJBPayDelegate contract does not currently have any form of access control implemented. This could allow a malicious user to manipulate the mintedAmount and reservedRate state variable, which can interfere with the correct...

AI score 6.7
Exploits 0

Code423n4
added 2023/05/22 12:0 a.m. | 5 views

MALICIOUS USER CAN USE LOCKED ETH OF THE CONTRACT TO MINT HIGHER NUMBER OF TOKENS OR SWAP AND RECEIVE MORE TOKENS THAN HE IS ELIGIBLE

Lines of code Vulnerability details Impact In the JBXBuybackDelegate contract, the terminal token is considered to be ETH as of now according to documentation. Hence both the mint and swap functionality uses the data.amount.value as the ETH amount for new token minting or swapping. In the...

AI score 7
Exploits 0

Code423n4
added 2023/02/07 12:0 a.m. | 13 views

Unchecked revert causes to

Lines of code Vulnerability details Impact In AdapterBase.Sol when harvesting and exchanging all tokens using Pool2SingleAssetCompounder.SolL44 harvest can harvest all tokens but not swap them for underlying currency. In contract Pool2SingleAssetCompounder...

AI score 7.1
Exploits 0

Code423n4
added 2022/10/23 12:0 a.m. | 28 views

Incorrect input amount calculation for Trader Joe V1 pools

Lines of code Vulnerability details Impact Input amount is calculated incorrectly for Trader Joe V1 pools when swapping tokens across multiple pools and some of the pools in the chain are V1 ones. Calculated amounts will always be bigger than expected ones, which will always affect chained swaps...

AI score 6.8
Exploits 0

Code423n4
added 2022/10/01 12:0 a.m. | 7 views

Lack of check for contract existence can cause loss of funds during transfers

Lines of code Vulnerability details Impact The current transfers will not check if the to address is for an existing token contract. This can cause loss of funds if a user attempts to make a swap for a token added to a pool and destructed later. Proof of Concept TokenA gets added to a pool The...

AI score 7
Exploits 0

Code423n4
added 2022/10/01 12:0 a.m. | 3 views

User can steal output token when input token is a rebasing token in which algebraSwapCallback can be called to expand total supply of the rebasing token

Lines of code Vulnerability details Impact When calling the swap function below, the following swapCallback function is further called for calling the algebraSwapCallback function in the callee contract that is msg.sender; such contract does not have to be a shared router and can be separately...

AI score 6.8
Exploits 0

Code423n4
added 2022/04/27 12:0 a.m. | 14 views

CvxCrvRewardsLocker implements a swap without a slippage check that can result in a loss of funds through MEV

Lines of code Vulnerability details Impact The CvxCrvRewardsLocker contract swaps tokens through the CRV cvxCRV pool. But, it doesn't use any slippage checks. The swap is at risk of being frontrun / sandwiched which will result in a loss of funds. Since MEV is very prominent I think the chance of...

AI score 6.8
Exploits 0

Code423n4
added 2022/03/29 12:0 a.m. | 5 views

A swap with a token amount received of zero does not fail

Lines of code Vulnerability details Impact A token swap via NXTPFacet::swapAndCompleteBridgeTokensViaNXTP in which the receiving amount of tokens is zero does not fail. Proof of Concept The function NXTPFacet::swapAndCompleteBridgeTokensViaNXTP does not require that the token balance after the sw...

AI score 6.8
Exploits 0

Code423n4
added 2021/11/09 12:0 a.m. | 9 views

Wrong assumption when updating token balance

Handle rfa Vulnerability details Impact When there is a movement of token in the swap and addliquidity function, the balances reserve, is updated based on the difference between the before and after the user transfer the token, however if there is a user that accidentally sends a token to this...

AI score 6.8
Exploits 0

Code423n4
added 2021/09/29 12:0 a.m. | 8 views

Incorrect implementation of difference in MathUtils

Handle broccoli Vulnerability details Impact The difference function of MathUtils is incorrect. Without a return statement in the if bracket, the function always returns diff = b - a, causing difference(x + 1, x) to be uint(-1), and thus within(x + 1, x) is false. The within function is used to in the...

AI score 6.8
Exploits 0

Microsoft Secure
added 2019/07/31 4:30 p.m. | 57 views

How Windows Defender Antivirus integrates hardware-based system integrity for informed, extensive endpoint protection

Detecting and stopping attacks that tamper with kernel-mode agents at the hypervisor level is a critical component of the unified endpoint protection platform in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). It’s not without challenges, but the deep integration of Windows...

AI score 0.9
Exploits 0