CVE-2025-52484

Publication date: 2025-06-20

Last updated on: 2025-06-23

Assigner: GitHub, Inc.

Description
RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 is vulnerable to an attack by a malicious prover. The main idea of the attack is to confuse the RISC-V virtual machine into treating the value of the rs1 register as the same as the rs2 register, due to a lack of constraints in the rv32im circuit. Rust applications using the risc0-zkvm crate at versions 2.0.0, 2.0.1, and 2.0.2 should upgrade to version 2.1.0. Smart contract applications using the official RISC Zero Verifier Router do not need to take any action: zkVM version 2.1 is active on all official routers, and version 2.0 has been disabled. Smart contract applications not using the verifier router should update their contracts to send verification calls to the 2.1 version of the verifier.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-06-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-345: The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-52484 is a critical vulnerability in the risc0-zkvm Rust packages (versions 2.0.0 to 2.0.2) caused by a missing constraint in the rv32im circuit of the RISC Zero zkVM. This flaw allows any 3-register RISC-V instruction (including remu and divu) to be exploited by a malicious prover. The attack works by confusing the virtual machine into treating the rs1 register value as the same as the rs2 register value due to the underconstrained circuit design. This can lead to incorrect or manipulated execution within the zkVM. The issue was fixed by adding constraints to prevent simultaneous memory input/output operations to the same address within the same cycle and by refining register read logic to avoid duplicate or conflicting reads when source registers are identical. [3, 7, 2]


How can this vulnerability impact me?

This vulnerability allows a malicious prover to exploit the zkVM by manipulating the execution of 3-register RISC-V instructions, potentially causing the virtual machine to behave incorrectly or inconsistently. While the CVSS score indicates low impact on confidentiality, integrity, or availability, the risc0 team classifies it as critical because it undermines the trustworthiness of computations performed by the zkVM. For Rust applications using the risc0-zkvm crate, this could mean compromised proof verification or incorrect computation results. Smart contract applications using the official RISC Zero Verifier Router are not impacted as the vulnerable version has been disabled, but those not using the router must update to the fixed verifier version to avoid risk. [3]


What immediate steps should I take to mitigate this vulnerability?

To mitigate the vulnerability CVE-2025-52484, users of Rust applications using the risc0-zkvm crate should upgrade to version 2.1.0 or later. Smart contract applications using the official RISC Zero Verifier Router do not need to take any action since zkVM version 2.1 is already active and version 2.0 has been disabled. However, smart contracts not using the official router must update their contracts to send verification calls to the 2.1 version of the verifier. These steps prevent exploitation of the missing constraint in the rv32im circuit that allows malicious provers to confuse register values. [3]

