CVE-2025-27104
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2025-27104 affects Vyper, a Pythonic smart contract language for the Ethereum Virtual Machine. A single expression in the iterator target of a for loop can be evaluated multiple times, which can lead to unexpected program behavior. While the iterator expression cannot directly cause multiple writes, it can consume side effects produced in the loop body, such as reading a storage variable that is updated in the loop. The issue arises from the way iterable lists are handled during code generation. Users are advised to upgrade to the expected patched release, version 0.4.1, as soon as it becomes available. No known workarounds exist for this vulnerability.
Affected Products
- Vyper
Affected Vendors
- Vyper