CVE-2025-70957
Unknown Unknown - Not Provided
Denial of Service in TON Lite Server via Malicious Continuation Injection

Publication date: 2026-02-13

Last updated on: 2026-02-18

Assigner: MITRE

Description
A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-13
Last Modified
2026-02-18
Generated
2026-06-16
AI Q&A
2026-02-14
EPSS Evaluated
2026-06-14
NVD
CVE-2025-70957
EUVD
EUVD-2025-207526
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ton lite_server to 2024.09 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Denial of Service (DoS) issue found in the TON Lite Server before version 2024.09. It occurs because the server improperly handles external arguments passed to locally executed "get methods." An attacker can inject a specially crafted Continuation object, which is an internal type normally restricted within the TVM (TON Virtual Machine). When the TVM executes this malicious continuation, it uses excessive CPU resources while incurring very low virtual gas costs, effectively allowing the attacker to perform free computation.

This misuse of resources enables the attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users accessing the server through the gateway.

Impact Analysis

The vulnerability can severely impact users by causing a Denial of Service (DoS) on the TON Lite Server. An attacker exploiting this flaw can consume excessive CPU resources on the server, reducing its ability to process legitimate requests.

As a result, legitimate users may experience degraded performance or complete unavailability of services provided by the Lite Server, disrupting normal operations and access.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70957. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart