CVE-2025-70955
Unknown Unknown - Not Provided
Stack Overflow in TON VM Causes Validator Node DoS

Publication date: 2026-02-13

Last updated on: 2026-02-18

Assigner: MITRE

Description
A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-13
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-15
NVD
CVE-2025-70955
EUVD
EUVD-2025-207525
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ton virtual_machine to v2024.10 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Stack Overflow issue in the TON Virtual Machine (TVM) before version 2024.10. It occurs because the VM improperly handles vmstate and continuation jump instructions, which allow continuous dynamic tail calls. An attacker can exploit this by creating a smart contract with deeply nested jump logic. Even if the gas limits are respected, this nested execution exhausts the stack space of the host process.

As a result, the validator node running the TVM crashes, causing a Denial of Service (DoS) for the TON blockchain network.

Impact Analysis

The primary impact of this vulnerability is a Denial of Service (DoS) on the TON blockchain network. If exploited, it causes validator nodes to crash by exhausting their stack space.

This can disrupt the normal operation of the blockchain, potentially affecting transaction validation and network reliability.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70955. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart