Vulnerability Summary: Issue: The size of the HTLC preimage was not validated in Nutshell versions < 0.18.0, allowing attackers to fill the mint's database and disk with arbitrary data. Impact: Potential Denial of Service (DoS) using HTLC in Cashu. Code Snippet: Fix and Timeline: Fix: Implemented by in GitHub PR. CVE: CVE-2025-65548. Timeline: 19 October 2025: Vulnerability reported to . 19 October 2025: Acknowledged by Cashu dev team; rewarded reporter with 100k sats. 21 October 2025: Fix committed. 28 October 2025: v0.18.0 released with the fix. 2 November 2025: Public disclosure. Advisory: Mints and users should update to v0.18.0. Check mint version and stop using if running Nutshell version older than 0.18.0.