SecuriTricks - CVE-2025-57247

Description

The BATBToken smart contract (address 0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2, Compiler Version v0.8.26+commit.8a97fa7a) contains incorrect access control implementation in whitelist management functions. The setColdWhiteList() and setSpecialAddress() functions in the base ERC20 contract are declared as public without proper access control modifiers, allowing any user to bypass transfer restrictions and manipulate special address settings. This enables unauthorized users to circumvent cold time transfer restrictions and potentially disrupt dividend distribution mechanisms, leading to privilege escalation and violation of the contract's intended tokenomics.

Product(s) Impacted

Vendor	Product	Versions
Batbtoken	Batbtoken	*
Erc20	Erc20	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	batbtoken	batbtoken	/	/	/	/	/	/	/	/
a	erc20	erc20	/	/	/	/	/	/	/	/

References

https://bscscan.com/address/0xfbf1388408670c02f0dbbb74251d8ded1d63b7a2#code

https://github.com/RikkaLzw/CVE/blob/main/CVE_BATB-TOKEN.md

CVSS Score

9.1 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

View Vector String

Timeline

Published: Oct. 6, 2025, 5:16 p.m.
Last Modified: Oct. 6, 2025, 6:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CVE-2025-57247