CVE-2025-57247 | CRITICAL 9.1 | EPSS percentile 24.3%


Description

The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains an incorrect access-control implementation in its whitelist management functions. The setColdWhiteList() and setSpecialAddress() functions in the base ERC20 contract are declared as public without any access-control modifier, so any user can bypass transfer restrictions and manipulate the special address settings. This lets unauthorized users circumvent the cold-time transfer restrictions and potentially disrupt the dividend distribution mechanism, leading to privilege escalation and a violation of the contract's intended tokenomics.
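The weakness class described above (CWE-284, a state-changing setter exposed without an access-control modifier) is easiest to see beside its fix. The contract below is an added illustration written for this page, not the BATBToken source (which is linked in the references); the contract names, the 1-day cold period, the mapping names and the function signatures are assumptions chosen to mirror the description.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

// Hypothetical illustration of the CWE-284 pattern from the description.
// Not the BATBToken source; all names and values below are assumptions.

contract Ownable {
    address public owner;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    constructor() {
        owner = msg.sender;
    }

    // The access-control modifier the vulnerable setters were missing.
    modifier onlyOwner() {
        require(msg.sender == owner, "Ownable: caller is not the owner");
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "Ownable: zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}

contract ColdTimeToken is Ownable {
    mapping(address => uint256) public balanceOf;
    mapping(address => uint256) public lastReceived;   // timestamp of last inbound transfer
    mapping(address => bool) public coldWhiteList;     // exempt from the cold-time check
    mapping(address => bool) public specialAddress;    // treated specially by dividend logic

    uint256 public constant COLD_TIME = 1 days;        // assumed cold period

    event ColdWhiteListUpdated(address indexed account, bool exempt);
    event SpecialAddressUpdated(address indexed account, bool special);

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    // VULNERABLE PATTERN (as the CVE text describes it): the setter is public
    // with no modifier, so any caller can whitelist or re-flag any address.
    //
    //     function setColdWhiteList(address account, bool exempt) public {
    //         coldWhiteList[account] = exempt;
    //     }

    // HARDENED PATTERN: the same setters restricted to the owner, each emitting
    // an event so off-chain monitoring can alert on every whitelist change.
    function setColdWhiteList(address account, bool exempt) external onlyOwner {
        coldWhiteList[account] = exempt;
        emit ColdWhiteListUpdated(account, exempt);
    }

    function setSpecialAddress(address account, bool special) external onlyOwner {
        specialAddress[account] = special;
        emit SpecialAddressUpdated(account, special);
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(to != address(0), "transfer to zero address");
        // Cold-time restriction: a non-whitelisted sender that was credited
        // recently must wait COLD_TIME before sending again.
        if (!coldWhiteList[msg.sender]) {
            require(block.timestamp >= lastReceived[msg.sender] + COLD_TIME, "cold period active");
        }
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        lastReceived[to] = block.timestamp;
        return true;
    }
}
```

When auditing a deployed token for this class of bug, the check is mechanical: list every public or external function that writes to a mapping or storage variable used in transfer or dividend logic, and confirm each one carries an owner or role modifier. The emitted events in the hardened version are what make unauthorized changes visible after the fact; without them, a whitelist edit leaves no on-chain log entry to alert on.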

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.33% probability of exploitation · percentile 24.3% · 2026-06-18T12:00:27Z
Published: 2025-10-06
Last modified: 2026-04-15

Underlying weaknesses (1)

CWE-284 (Improper Access Control)

References

  1. https://bscscan.com/address/0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2#code
  2. https://github.com/RikkaLzw/CVE/blob/main/CVE_BATB-TOKEN.md

Classification (1)

Type       Target                             Confidence   Tier
Weakness   Improper Access Control (cwe-284)  0%           live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CVE  CVE-2025-25962
CVE  CVE-2026-28410
CVE  CVE-2026-4931
CVE  CVE-2025-66719
CVE  CVE-2025-70983
CVE  CVE-2025-45846
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.