CVE-2025-61595: CWE-400: Uncontrolled Resource Consumption in MANTRA-Chain mantrachain
MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real-world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in their send hooks. Send hooks can spend more gas than remains in the tx; combined with recursive calls in a wasm contract, this can amplify gas consumption exponentially. This is fixed in version 4.0.2.
AI Analysis
Technical Summary
CVE-2025-61595 is a high-severity vulnerability in MANTRA-Chain, a Layer 1 blockchain platform designed for real-world asset (RWA) tokenization with regulatory compliance features. It affects versions prior to 4.0.2 and concerns uncontrolled resource consumption, specifically gas usage during the blockchain's transaction processing.

MANTRA-Chain meters gas to bound the computation a single transaction may consume, similar to Ethereum. In versions 4.0.1 and below, however, the transaction gas limit is not enforced within its send hooks, the functions triggered during token transfers or contract calls. A send hook can therefore consume more gas than remains in the transaction's allowance. When combined with recursive calls in WebAssembly (WASM) smart contracts, this can amplify gas consumption exponentially. Such behaviour can cause denial-of-service (DoS) conditions by exhausting node resources, potentially destabilizing the network or delaying transaction processing.

The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-770 (Allocation of Resources Without Limits or Throttling). The CVSS 4.0 base score is 8.8 (high), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and significant impact on availability. No exploits in the wild were known as of the publication date (October 2, 2025). The issue is resolved in MANTRA-Chain version 4.0.2, which properly enforces gas limits in send hooks. The case highlights the risk of inadequate gas accounting in blockchain smart contract execution environments, especially where recursive contract calls are possible.
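As an added illustration of the gas-accounting point above (toy code written for this page, not MANTRA-Chain's implementation), the following Go model shows a per-transaction gas meter and a send hook that re-enters itself through recursive contract sends. The names GasMeter, sendHook and Simulate are hypothetical; when the hook is charged against the meter the recursion is cut off at the tx limit, and when it is not, the tally grows with the number of hook invocations, which is 2^(depth+1)-1 for a fanout of two.

```go
package main

import "errors"

// ErrOutOfGas signals that a tx has exhausted its gas allowance.
var ErrOutOfGas = errors.New("out of gas")

// GasMeter is a toy per-transaction gas meter (illustrative, not MANTRA-Chain's code).
type GasMeter struct {
	Limit    uint64
	Consumed uint64
}

// Consume charges amount and fails as soon as the tx limit would be exceeded.
func (m *GasMeter) Consume(amount uint64) error {
	if m.Consumed+amount > m.Limit {
		m.Consumed = m.Limit
		return ErrOutOfGas
	}
	m.Consumed += amount
	return nil
}

// sendHook models a hook fired on a token send that calls a contract which in turn
// issues fanout further sends, each firing the hook again, down to the given depth.
// With enforce=false the hook is not charged against the tx meter (the pre-4.0.2
// behaviour the advisory describes): gas is tallied but the limit is never consulted.
func sendHook(m *GasMeter, depth, fanout int, hookGas uint64, enforce bool) error {
	if enforce {
		if err := m.Consume(hookGas); err != nil {
			return err // recursion stops here: the tx is out of gas
		}
	} else {
		m.Consumed += hookGas // unbounded tally
	}
	for i := 0; depth > 0 && i < fanout; i++ {
		if err := sendHook(m, depth-1, fanout, hookGas, enforce); err != nil {
			return err
		}
	}
	return nil
}

// Simulate runs one tx with the given recursion shape and returns the gas used;
// depth=10, fanout=2 yields 2^11-1 = 2047 hook invocations.
func Simulate(limit uint64, depth, fanout int, hookGas uint64, enforce bool) (uint64, error) {
	m := &GasMeter{Limit: limit}
	err := sendHook(m, depth, fanout, hookGas, enforce)
	return m.Consumed, err
}
```

With a 10,000-gas limit and 100 gas per hook, the unenforced run tallies 204,700 gas while the enforced run fails with ErrOutOfGas after exactly 10,000.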
Potential Impact
For European organizations utilizing MANTRA-Chain for blockchain applications, particularly those involving real-world asset tokenization and regulatory compliance, this vulnerability poses a significant risk. Exploitation could lead to denial-of-service conditions on blockchain nodes, causing transaction delays, network instability, or temporary outages. This can disrupt business operations relying on the blockchain for asset transfers, settlements, or compliance reporting. Financial institutions, asset managers, and regulated entities in Europe leveraging MANTRA-Chain may face operational disruptions and potential regulatory scrutiny if service availability is compromised. Additionally, the uncontrolled gas consumption could increase operational costs due to excessive resource usage. While no exploits are currently known, the ease of exploitation (no authentication or user interaction required) and the potential for recursive amplification make this a critical concern for maintaining blockchain network reliability and trustworthiness in European markets.
Mitigation Recommendations
European organizations should immediately upgrade all MANTRA-Chain nodes and smart contract environments to version 4.0.2 or later, where gas limit enforcement in send hooks is properly implemented. Until the upgrade is applied, organizations should consider restricting or disabling the deployment and execution of WASM smart contracts that use recursive calls or complex send hooks, to minimize exposure. Monitoring gas consumption metrics and transaction processing times can help detect anomalous behaviour indicative of exploitation attempts. Network-level rate limiting and resource usage quotas on blockchain nodes provide additional protection against resource exhaustion. Organizations should also audit their smart contracts to identify and refactor any recursive patterns that could exacerbate gas consumption. Engaging with the MANTRA-Chain developers and community for patches, advisories, and best practices is recommended to stay ahead of emerging threats related to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Netherlands, Switzerland, Luxembourg, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-26T16:25:25.151Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ded665257559930e8ffe03
Added to database: 10/2/2025, 7:45:41 PM
Last enriched: 10/2/2025, 7:45:54 PM
Last updated: 10/2/2025, 7:56:17 PM