CVE-2025-61588
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-02

Last updated on: 2025-10-02

Assigner: GitHub, Inc.

Description
RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute arbitrary code within the guest. As sys_read is the mechanism by which input is requested by the guest, all guest programs built with the affected versions are vulnerable. This critically compromises the soundness guarantees of the guest program. Other affected packages include risc0-aggregation versions below 0.9, risc0-zkos-v1compat below 2.1.0, risc0-zkvm versions between 3.0.0-rc.1 and 3.0.1. This issue has been fixed in the following versions: risc0-zkvm-platform 2.1.0, risc0-zkos-v1compat 2.1.0, risc0-aggregation 0.9, and risc0-zkvm 2.3.2 and 3.0.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-02
Last Modified
2025-10-02
Generated
2026-06-16
AI Q&A
2025-10-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-61588
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
risc0 risc0-zkvm-platform 2.1.0
risc0 risc0-aggregation 0.9
risc0 risc0-zkvm 2.3.2
risc0 risc0-zkvm 3.0.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in risc0-zkvm-platform versions 2.0.2 and below, where when the zkVM guest calls sys_read, the host can craft a response that writes to an arbitrary memory location in the guest. This allows the host to execute arbitrary code within the guest, compromising the soundness guarantees of the guest program. All guest programs built with the affected versions are vulnerable.

Impact Analysis

The vulnerability allows an attacker controlling the host to execute arbitrary code within the guest environment. This can lead to a complete compromise of the guest program's integrity and security, potentially allowing unauthorized actions, data manipulation, or further exploitation within the affected system.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade affected packages to the fixed versions: risc0-zkvm-platform to 2.1.0 or later, risc0-zkos-v1compat to 2.1.0 or later, risc0-aggregation to 0.9 or later, and risc0-zkvm to 2.3.2 or 3.0.3 or later. Avoid using vulnerable versions (2.0.2 and below for risc0-zkvm-platform, below 2.1.0 for risc0-zkos-v1compat, below 0.9 for risc0-aggregation, and between 3.0.0-rc.1 and 3.0.1 for risc0-zkvm).

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-61588. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart