{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27611", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-03-03T15:10:34.079Z", "datePublished": "2025-04-30T19:36:57.356Z", "dateUpdated": "2025-05-01T18:49:22.814Z"}, "containers": {"cna": {"title": "base-x homograph attack allows Unicode lookalike characters to bypass validation.", "problemTypes": [{"descriptions": [{"cweId": "CWE-1007", "lang": "en", "description": "CWE-1007: Insufficient Visual Distinction of Homoglyphs Presented to User", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"}, {"name": "https://github.com/cryptocoinjs/base-x/pull/86", "tags": ["x_refsource_MISC"], "url": "https://github.com/cryptocoinjs/base-x/pull/86"}], "affected": [{"vendor": "cryptocoinjs", "product": "base-x", "versions": [{"version": "= 5.0.0", "status": "affected"}, {"version": "= 4.0.0", "status": "affected"}, {"version": "< 3.0.11", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-30T19:36:57.356Z"}, "descriptions": [{"lang": "en", "value": "base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1."}], "source": {"advisory": "GHSA-xq7p-g2vc-g82p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-01T18:49:09.602435Z", "id": "CVE-2025-27611", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T18:49:22.814Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27611", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-01T18:49:09.602435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-01T18:49:17.756Z"}}], "cna": {"title": "base-x homograph attack allows Unicode lookalike characters to bypass validation.", "source": {"advisory": "GHSA-xq7p-g2vc-g82p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "cryptocoinjs", "product": "base-x", "versions": [{"status": "affected", "version": "= 5.0.0"}, {"status": "affected", "version": "= 4.0.0"}, {"status": "affected", "version": "< 3.0.11"}]}], "references": [{"url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p", "name": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/cryptocoinjs/base-x/pull/86", "name": "https://github.com/cryptocoinjs/base-x/pull/86", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1007", "description": "CWE-1007: Insufficient Visual Distinction of Homoglyphs Presented to User"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-30T19:36:57.356Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27611", "state": "PUBLISHED", "dateUpdated": "2025-05-01T18:49:22.814Z", "dateReserved": "2025-03-03T15:10:34.079Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-04-30T19:36:57.356Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1."}, {"lang": "es", "value": "base-x es un codificador y decodificador base de cualquier alfabeto que utiliza compresi\u00f3n de ceros a la izquierda, al estilo de Bitcoin. Las versiones 4.0.0, 5.0.0 y todas las anteriores a la 3.0.11 son vulnerables a que los atacantes enga\u00f1en a los usuarios para que env\u00eden fondos a una direcci\u00f3n no deseada. Este problema se ha corregido en las versiones 3.0.11, 4.0.1 y 5.0.1."}], "id": "CVE-2025-27611", "lastModified": "2025-05-02T13:53:40.163", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-30T20:15:21.430", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/cryptocoinjs/base-x/pull/86"}, {"source": "security-advisories@github.com", "url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1007"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2025:10459", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0.8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10452", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}, {"advisory": "RHSA-2025:10453", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap", "product_name": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date": "2025-07-07T00:00:00Z"}], "bugzilla": {"description": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.", "id": "2363176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-1007", "details": ["base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1.", "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability."}, "name": "CVE-2025-27611", "package_state": [{"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "org.jboss.hal-hal-parent", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2025-04-30T19:36:57Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-27611\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-27611\nhttps://github.com/cryptocoinjs/base-x/pull/86\nhttps://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"], "statement": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.", "threat_severity": "Important"}

{}