Insufficient Visual Distinction of Homoglyphs Presented to User
CVE-2025-27611
Summary
The base-x package is a base encoder and decoder for any given alphabet, using Bitcoin-style leading zero compression. A vulnerability in the package could allow attackers to deceive users into sending funds to unintended addresses. This issue affects versions through 3.0.10, 4.0.0, and 5.0.0.
- LOW
- NETWORK
- NONE
- NONE
CWE-1007 - Insufficient Visual Distinction of Homoglyphs Presented to User
The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.
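One defensive check an application can run before displaying or accepting a Base58 string, shown here as an added example (not code from base-x or from this advisory). The alphabet is the Bitcoin Base58 alphabet; the function names and sample strings are constructed for illustration.

```javascript
// Added example: strict code-point audit of a Base58 string before display.
const BASE58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const ALLOWED = new Set(BASE58);

// Returns one finding per character outside the alphabet; [] means clean.
function auditAddress(input) {
  const findings = [];
  let index = 0;
  for (const ch of input) { // iterate by code point, not UTF-16 unit
    if (!ALLOWED.has(ch)) {
      const cp = ch.codePointAt(0);
      const hex = cp.toString(16).toUpperCase().padStart(4, '0');
      let kind = 'non-ascii';
      if (cp < 0x80) {
        kind = 'ascii-not-in-alphabet'; // e.g. 0, O, I, l
      } else if (ALLOWED.has(ch.normalize('NFKC'))) {
        kind = 'folds-to-alphabet-char'; // compatibility form of a valid char
      }
      findings.push({ index, codePoint: 'U+' + hex, kind });
    }
    index += 1;
  }
  return findings;
}

// Escapes every out-of-alphabet character so it cannot pass as a look-alike
// when the string is shown to a user.
function renderForDisplay(input) {
  let out = '';
  for (const ch of input) {
    out += ALLOWED.has(ch) ? ch : '\\u{' + ch.codePointAt(0).toString(16) + '}';
  }
  return out;
}

// Constructed samples (not real addresses): SPOOFED swaps 'A' for Cyrillic
// U+0410 and 'b' for fullwidth U+FF42, which render almost identically.
const CLEAN = '1A2b3C4d5E6f7G8h9J';
const SPOOFED = '1\u{410}2\u{FF42}3C4d5E6f7G8h9J';

for (const s of [CLEAN, SPOOFED]) {
  console.log(renderForDisplay(s), JSON.stringify(auditAddress(s)));
}
```

Rejecting any string with a non-empty finding list, instead of normalizing it, keeps the displayed value and the decoded value identical.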
Advisory Timeline
- Published