CVE-2025-57247 (CNNVD-202510-792)
中文标题:
BATBToken 安全漏洞
英文标题:
The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v...
漏洞描述
中文描述:
BATBToken是Binance Smart Chain组织的一个代币智能合约。 BATBToken smart contract存在安全漏洞,该漏洞源于白名单管理函数访问控制实现不当,可能导致权限提升。
英文描述:
The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management functions. The setColdWhiteList() and setSpecialAddress() functions in the base ERC20 contract are declared as public without proper access control modifiers, allowing any user to bypass transfer restrictions and manipulate special address settings. This enables unauthorized users to circumvent cold time transfer restrictions and potentially disrupt dividend distribution mechanisms, leading to privilege escalation and violation of the contract's intended tokenomics.
CWE类型:
标签:
受影响产品
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (adp)
CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-57247 |
2025-11-11 15:23:30 | 2025-11-11 07:40:44 |
| NVD | nvd_CVE-2025-57247 |
2025-11-11 15:01:05 | 2025-11-11 07:48:31 |
| CNNVD | cnnvd_CNNVD-202510-792 |
2025-11-11 15:12:59 | 2025-11-11 08:00:21 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202510-792
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']