CVE-2025-30147 Overview
CVE-2025-30147 affects Hyperledger Besu, an Ethereum execution client, through its besu-native library. The flaw resides in the reimplemented ALTBN128_ADD (0x06), ALTBN128_MUL (0x07), and ALTBN128_PAIRING (0x08) precompiles. These precompiles use gnark-crypto's bn254 implementation, which performed subgroup checks without verifying that elliptic curve (EC) points lie on the curve. Attackers can submit crafted input points that pass subgroup checks but fall off the curve, causing Besu to return incorrect results and drift out of consensus with other Ethereum clients. The defect is tracked as [CWE-325: Missing Cryptographic Step].
Critical Impact
A specially crafted EC point can force Besu nodes to fork from the Ethereum network or enshrine invalid state on homogeneous Besu-only networks.
Affected Products
- Hyperledger Besu versions 24.7.1 through 25.2.2
- besu-native versions 0.9.0 through 1.2.1
- Ethereum networks running Besu as a consensus-participating execution client
Discovery Timeline
- 2025-05-07 - CVE-2025-30147 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-30147
Vulnerability Analysis
The ALTBN128 precompiles implement operations on the bn254 elliptic curve used for zkSNARK verification and pairing-based cryptography on Ethereum. Besu originally implemented these precompiles against an unmaintained native library. The maintainers migrated to gnark-crypto's bn254 package starting with besu-native version 0.9.0, with Besu 24.7.1 activating the new code through besu-native 0.9.2.
The migration introduced a validation gap. The gnark-crypto version in use combined subgroup membership checks with implicit point-on-curve assumptions, but the subgroup verification routine did not actually verify curve membership. As a result, malformed inputs reached the elliptic curve arithmetic routines and produced results inconsistent with other Ethereum execution clients such as Geth, Nethermind, and Erigon.
Root Cause
The root cause is a missing cryptographic validation step [CWE-325]. The native precompile relied on gnark-crypto's subgroup check to also confirm that a point satisfies the curve equation. The library performed only subgroup verification. Inputs that are members of the correct prime-order subgroup representation but not solutions to the bn254 curve equation bypassed validation entirely.
Attack Vector
An attacker submits an Ethereum transaction that invokes one of the affected precompiles with a crafted EC point. Besu computes a result that diverges from the canonical result produced by other clients. On the public Ethereum network this triggers a chain split affecting Besu nodes. On private Besu-only networks the invalid output is accepted into state, producing data that patched clients will refuse to process.
No authentication is required and the attack is delivered over the network through standard transaction submission. The vulnerability manifests through input validation behavior in the precompile dispatcher referenced in Besu NativeLibraryOptions. See the Hyperledger Besu Native Security Advisory GHSA-jcp8-gh74-97hq for technical detail.
Detection Methods for CVE-2025-30147
Indicators of Compromise
- Besu nodes reporting block hash mismatches or state root divergence relative to peer execution clients
- Unexpected chain reorganizations following transactions that invoke precompile addresses 0x06, 0x07, or 0x08
- Log entries from AltBN128PrecompiledContract or related besu-native paths during transaction execution preceding a fork event
Detection Strategies
- Compare Besu state roots against a second client (Geth, Nethermind, Erigon) at each block height to identify divergence
- Monitor transaction traces for invocations of ALTBN128_ADD, ALTBN128_MUL, and ALTBN128_PAIRING and correlate with consensus anomalies
- Inventory deployed Besu versions and flag any release in the range 24.7.1 through 25.2.2
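The cross-client comparison from the first strategy, as an added example (not part of Besu or any client's tooling). `Compare` and the sample responses are hypothetical and constructed, with shortened hashes; the sketch assumes both inputs are `eth_getBlockByNumber` JSON-RPC responses already fetched from a Besu node and a reference client for the same height.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

type header struct {
	Number    string `json:"number"`
	Hash      string `json:"hash"`
	StateRoot string `json:"stateRoot"`
}
type rpcResp struct {
	Result *header `json:"result"`
}

// Compare reports which header fields differ between two clients at one height.
func Compare(besuJSON, refJSON string) ([]string, error) {
	var r [2]rpcResp
	for i, s := range []string{besuJSON, refJSON} {
		if err := json.Unmarshal([]byte(s), &r[i]); err != nil {
			return nil, fmt.Errorf("response %d: %w", i, err)
		}
		if r[i].Result == nil {
			return nil, fmt.Errorf("response %d: block not found", i)
		}
	}
	a, b := r[0].Result, r[1].Result
	if !strings.EqualFold(a.Number, b.Number) {
		return nil, fmt.Errorf("height mismatch: %s vs %s", a.Number, b.Number)
	}
	var diff []string
	if !strings.EqualFold(a.StateRoot, b.StateRoot) {
		diff = append(diff, "stateRoot")
	}
	if !strings.EqualFold(a.Hash, b.Hash) {
		diff = append(diff, "hash")
	}
	return diff, nil
}

// Constructed sample responses (not real chain data).
const (
	besuResp = `{"jsonrpc":"2.0","id":1,"result":{"number":"0x10","hash":"0xaa01","stateRoot":"0xbeef"}}`
	refOK    = `{"jsonrpc":"2.0","id":1,"result":{"number":"0x10","hash":"0xAA01","stateRoot":"0xBEEF"}}`
	refFork  = `{"jsonrpc":"2.0","id":1,"result":{"number":"0x10","hash":"0xcc02","stateRoot":"0xdead"}}`
)

func main() { fmt.Println(Compare(besuResp, refFork)) }
```

A non-empty result at a height both clients report is the divergence signal to alert on; an error means the two responses are not comparable yet.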
Monitoring Recommendations
- Alert on peer count drops, missed block attestations, or fork-choice rule disagreements reported by the Besu engine API
- Track besu-native library versions across validator and full-node infrastructure
- Forward Besu structured logs to a centralized analytics platform for cross-client consensus comparison
How to Mitigate CVE-2025-30147
Immediate Actions Required
- Upgrade Hyperledger Besu to version 25.3.0 or later, which bundles besu-native 1.3.0
- Audit any Besu-only private networks for state entries produced by the affected precompiles before applying the patched binary
- Verify post-upgrade that Besu nodes follow the same canonical chain as a reference client
Patch Information
The underlying defect is fixed in besu-native release 1.3.0, which adds explicit point-on-curve verification before subgroup checks. Hyperledger Besu 25.3.0 is the first Besu release shipping the corrected besu-native library. Operators on Besu 24.7.1 through 25.2.2 must upgrade. Details are documented in the GitHub Security Advisory GHSA-jcp8-gh74-97hq.
Workarounds
- Disable the native altbn128 precompile and fall back to the pure-Java implementation using Besu's --Xaltbn128-native-enabled=false startup flag
- Accept the performance cost: the Java implementation is correct but significantly slower than the native path
- Restrict transaction ingress through filtering proxies while planning a maintenance window for the full upgrade
# Configuration example: disable native altbn128 precompile as an interim mitigation
besu \
  --network=mainnet \
  --Xaltbn128-native-enabled=false \
  --data-path=/var/lib/besu


