Critical severityNVD Advisory· Published Jan 28, 2025· Updated Apr 15, 2026
CVE-2025-24800
CVE-2025-24800
Description
Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or compromise other kinds of cross-chain applications. This vulnerability is fixed in 15.0.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
ismp-grandpacrates.io | < 15.0.1 | 15.0.1 |
grandpa-verifier-primitivescrates.io | < 0.1.2 | 0.1.2 |
grandpa-verifiercrates.io | < 0.1.2 | 0.1.2 |
Patches
1f0e85db718f5Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-wwx5-gpgr-vxr7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-24800ghsaADVISORY
- github.com/polytope-labs/hyperbridge/pull/372/commits/f0e85db718f5165b06585a49b14a66f8ad643aeanvdWEB
- github.com/polytope-labs/hyperbridge/security/advisories/GHSA-wwx5-gpgr-vxr7nvdWEB
- github.com/polytope-labs/ismp-substrate/pull/64/commits/04d5be207b082eb61d586d52e1685e2e060347e6ghsaWEB
- github.com/polytope-labs/ismp-substrate/pull/64/commits/5ca3351a19151f1a439c30d5cbdbfdc72a11f1a8nvdWEB
- github.com/polytope-labs/ismp-substrate/pull/64/commits/b26894913b301061b07db61af841ca2586415f08ghsaWEB
News mentions
0No linked articles in our index yet.