GHSA-6fgm-x6ff-w78f: 
vulnerability analysis and mitigation

A moderate severity vulnerability (GHSA-6fgm-x6ff-w78f) was identified in the Packet Forward Middleware of the Cosmos IBC-apps, affecting versions prior to 7.2.1 and 8.1.1. The vulnerability was disclosed on February 12, 2025, and impacts chains using the affected versions of Packet Forward Middleware in their IBC Transfer stack. The vulnerability specifically affects IBC transfers between chains and their native chain (GitHub Advisory).

The vulnerability has been assigned a CVSS v4.0 score of 6.9 (Moderate), with the following characteristics: Network Attack Vector, Low Attack Complexity, No Attack Requirements, No Privileges Required, and No User Interaction needed. The vulnerability primarily affects system availability, with no impact on confidentiality or integrity. The CVSS string is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N (GitHub Advisory).

The vulnerability creates a potential denial of service condition that can temporarily disable IBC transfers for any asset being transferred between another chain and its native chain. This is classified as a state-breaking change, indicating significant impact on the system's operation (GitHub Advisory).

The vulnerability has been patched in versions 7.2.1 and 8.1.1 of the Packet Forward Middleware. Due to the state-breaking nature of the change, immediate upgrade is recommended for affected systems. No alternative workarounds are available (GitHub Advisory, Release v7.2.1, Release v8.1.1).