CVE-2025-25962

Published: Apr 29, 2025Modified: May 6, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://github.com/CVEProject/docs/blob/gh-pages/requester/reservation-guidelines.md

Source: cve@mitre.org

https://medium.com/@cnetsec/access-control-vulnerability-in-uniswap-v3-cve-2025-25962-f7cf21536978

Source: cve@mitre.org

Timeline

No history available yet.