Ethereum client Geth releases ‘Schwarzschild’ update to fix a vulnerability in previous version

The developers of Geth, the official Go implementation of the Ethereum protocol, released version 1.14.13 , codenamed “Schwarzschild,” on Thursday.

This release explicitly addresses a vulnerability that affects the peer-to-peer (p2p) layer of Geth, which could lead to denial of service attacks on nodes running them and potentially impact Layer 2 clients.

Geth is the most widely used execution layer client for Ethereum.

The vulnerability, cataloged as CVE-2025-24883 , states that the Geth version “is vulnerable to DoS via malicious p2p messages.” Version 1.14.0 appeared to have accidentally introduced this security issue.

Users running Geth 1.14 (or later till 1.14.13) were urged to update to the latest version to mitigate the risk of node crashes or other disruptions.

“If you are running a version of geth that 1.14 or later, please update to the newest version. Nodes running v1.13.x are not affected,” noted Marius Van Der Wijden, Ethereum developer at the Geth client team.

The fix in v1.14.13 was coordinated with multiple Layer 2 solutions to ensure a broad security update across the ecosystem.

This emergency release was crucial because the bug, first identified by security researchers at Polygon, could potentially allow attackers to crash nodes running vulnerable versions of Geth remotely. 

The Geth team clarified that nodes operating on the v1.13.x series were not affected by this particular vulnerability.