Browse all 3 CVE security advisories affecting ether. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Ether serves as a decentralized cryptocurrency platform enabling smart contracts and decentralized applications (dApps). Historically, vulnerabilities have included remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from smart contract coding errors or platform weaknesses. Notable incidents include the 2016 DAO hack exploiting a reentrancy vulnerability, resulting in $50 million stolen, and the 2020 DeFi flash loan attacks manipulating price oracles. Security characteristics emphasize immutability of transactions but highlight risks in third-party integrations and smart contract implementations. The platform's open nature exposes it to continuous threat vectors, requiring rigorous auditing and developer awareness to mitigate risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-40920 | Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces — Catalyst::Authentication::Credential::HTTP (CWE-340) | 7.4 (AI) | High (AI) | 2025-08-11 |
| CVE-2025-40907 | FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library — FCGI (CWE-1395) | 9.8 (AI) | Critical (AI) | 2025-05-16 |
| CVE-2021-43802 | Admin privilege escalation and arbitrary code execution via malicious *.etherpad imports — etherpad-lite (CWE-790) | 9.9 | Critical | 2021-12-09 |
This page lists every published CVE security advisory associated with ether. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.