5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-59941

GHSA ID

GHSA-7pq9-rf9p-wcrf

EPSS Score

CWE

CWE-305

Published

9/29/2025

Updated

9/29/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-59941

CVE-2025-59941: go-f3 Vulnerable to Cached Justification Verification Bypass

Description

A vulnerability exists in go-f3's justification verification caching mechanism where verification results are cached without properly considering the context of the message. An attacker can bypass justification verification by:

First submitting a valid message with a correct justification
Then reusing the same cached justification in contexts where it would normally be invalid

This occurs because the cached verification does not properly validate the relationship between the justification and the specific message context it's being used with.

Impact

Potential consensus integrity issues through invalid justification acceptance
Could affect network liveness if exploited systematically
May allow malicious actors to influence consensus decisions with invalid justifications
Requires significant power (350+ TiB due to power table rounding) to meaningfully exploit
It would also be difficult to exploit in a synchronised fashion, such that >1/3 of the network goes down at one time. This isn't a one-msg panic, where you can spam it and bring everyone down, because every node will have a different amount of memory andmany SPs also run redundant lotus nodes.

Patches

The fix was merged and released with go-f3 0.8.9. All node software (Lotus, Forest, Venus) are using a patched version of go-f3 with their updates for the nv27 network upgrade.

Workarounds

The are no immediate workarounds available. Nodes should upgrade to the patched version, which they will have done if participating in nv27 on Filecoin mainnet.

Credits

The bug was reported by @lgprbs via our bug bounty program. Thank you for the contributions.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-59941

CVE-2025-59941:

5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-59941

GHSA ID

GHSA-7pq9-rf9p-wcrf

EPSS Score

CWE

CWE-305

Published

9/29/2025

Updated

9/29/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/filecoin-project/go-f3	go	< 0.8.9	0.8.9

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability, identified as GHSA-7pq9-rf9p-wcrf, is a caching issue within the go-f3 library's justification verification process. The root cause is that the caching mechanism for validation results did not properly account for the message context.

The function cachingValidator.validateJustification in gpbft/validator.go was using a cache key for justifications that was generated only from the content of the justification itself. The cachingValidator.getCacheKey function was responsible for this behavior. Consequently, if a justification was validated once in a correct context, its validation result would be cached. An attacker could then reuse this same justification in a different, invalid context (e.g., for a different message value). The system would find the cached result based on the justification's hash and incorrectly skip the full validation, leading to the acceptance of an invalid message.

The patch addresses this by making the cache key more specific. It modifies cachingValidator.getCacheKey to accept additional data. The cachingValidator.validateJustification function is updated to pass the expectedVoteValueKey (a key derived from the value being voted on in the message) to getCacheKey. This ensures that the cache key is now a composite of the justification and the context in which it is used, effectively preventing the reuse of cached validations across different contexts and closing the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-59941: go-f3 Vulnerable to Cached Justification Verification Bypass

Description

Impact

Patches

Workarounds

Credits

CVE-2025-59941:

5.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-59941: go-f3 Vulnerable to Cached Justification Verification Bypass

Description

Impact

Patches

Workarounds

Credits

Technical Details

5.9

5.9

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI