vulnerability
Red Hat JBoss EAP: CVE-2025-27611: Insufficient Visual Distinction of Homoglyphs Presented to User
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:C/A:N) | Apr 30, 2025 | May 6, 2025 | Mar 25, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published
Apr 30, 2025
Added
May 6, 2025
Modified
Mar 25, 2026
Description
base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1.. A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-1007
- CVE-2025-27611
- https://attackerkb.com/topics/CVE-2025-27611
- https://access.redhat.com/security/cve/CVE-2025-27611
- https://bugzilla.redhat.com/show_bug.cgi?id=2363176
- https://github.com/cryptocoinjs/base-x/pull/86
- https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p
- https://access.redhat.com/errata/RHSA-2025:10452
- https://access.redhat.com/errata/RHSA-2025:10453
- https://access.redhat.com/errata/RHSA-2025:10459
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-12752
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.