Vulnerability in Vyperlang Vyper

CVE-2025-27104

vyper is a Pythonic Smart Contract Language for the EVM. Multiple evaluation of a single expression is possible in the iterator target of a for loop. While the iterator expression cannot produce multiple writes, it can consume side effects…

EPSS: 0.003 (55.7th percentile) — read the EPSS interpretation.

Affected products

Vyperlang Vyper — versions < 0.4.1

Weakness classification (CWE)

CWE-662 — Improper Synchronization

References

https://github.com/vyperlang/vyper/security/advisories/GHSA-h33q-mhmp-8p67 (x_refsource_CONFIRM)
https://github.com/vyperlang/vyper/pull/4488 (x_refsource_MISC)