{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52884", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-20T17:42:25.708Z", "datePublished": "2025-06-24T20:20:17.287Z", "dateUpdated": "2025-06-24T20:49:13.684Z"}, "containers": {"cna": {"title": "risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment", "problemTypes": [{"descriptions": [{"cweId": "CWE-159", "lang": "en", "description": "CWE-159: Improper Handling of Invalid Use of Special Elements", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 1.7, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2"}, {"name": "https://github.com/risc0/risc0-ethereum/pull/605", "tags": ["x_refsource_MISC"], "url": "https://github.com/risc0/risc0-ethereum/pull/605"}, {"name": "https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98", "tags": ["x_refsource_MISC"], "url": "https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98"}, {"name": "https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain", "tags": ["x_refsource_MISC"], "url": "https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain"}, {"name": "https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63", "tags": ["x_refsource_MISC"], "url": "https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63"}, {"name": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1"}, {"name": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0"}], "affected": [{"vendor": "risc0", "product": "risc0-ethereum", "versions": [{"version": "< 2.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-24T20:20:17.287Z"}, "descriptions": [{"lang": "en", "value": "RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel."}], "source": {"advisory": "GHSA-gjv3-89hh-9xq2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-24T20:49:01.025065Z", "id": "CVE-2025-52884", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-24T20:49:13.684Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52884", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-24T20:49:01.025065Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-24T20:49:08.398Z"}}], "cna": {"title": "risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment", "source": {"advisory": "GHSA-gjv3-89hh-9xq2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 1.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "risc0", "product": "risc0-ethereum", "versions": [{"status": "affected", "version": "< 2.1.1"}]}], "references": [{"url": "https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2", "name": "https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/risc0/risc0-ethereum/pull/605", "name": "https://github.com/risc0/risc0-ethereum/pull/605", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98", "name": "https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98", "tags": ["x_refsource_MISC"]}, {"url": "https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain", "name": "https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63", "name": "https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1", "name": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0", "name": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-159", "description": "CWE-159: Improper Handling of Invalid Use of Special Elements"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-24T20:20:17.287Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52884", "state": "PUBLISHED", "dateUpdated": "2025-06-24T20:49:13.684Z", "dateReserved": "2025-06-20T17:42:25.708Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-24T20:20:17.287Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel."}, {"lang": "es", "value": "RISC Zero es una plataforma inform\u00e1tica general verificable de conocimiento cero, con integraci\u00f3n con Ethereum. El repositorio risc0-ethereum contiene los contratos del verificador de Solidity, la librer\u00eda de llamadas de vista Steel EVM y c\u00f3digo de soporte. En versiones anteriores a la 2.1.1 y la 2.2.0, la funci\u00f3n de la librer\u00eda de Solidity `Steel.validateCommitment` devolv\u00eda `true` para un compromiso manipulado con un valor de resumen de cero. Esto viola la sem\u00e1ntica de `validateCommitment`, ya que no se compromete con un bloque que est\u00e9 en la cadena actual. Dado que el resumen es cero, no corresponde a ning\u00fan bloque y no existen aperturas conocidas. Como resultado, este compromiso nunca ser\u00e1 producido por un invitado zkVM correcto que utilice Steel, y aprovechar este error para comprometer la solidez de un programa que utilice Steel requerir\u00eda un error separado o un mal uso de la librer\u00eda Steel, que se espera que se utilice para validar la ra\u00edz de las pruebas de apertura de estado. Se ha publicado una correcci\u00f3n como parte de `risc0-ethereum` 2.1.1 y 2.2.0. Los usuarios de la librer\u00eda `Steel` de Solidity, versiones 2.1.0 o anteriores, deben asegurarse de usar `Steel.validateCommitment` junto con la verificaci\u00f3n de pruebas de zkVM de un programa Steel, como se muestra en el contraejemplo ERC-20 y la documentaci\u00f3n. Este es el uso correcto de Steel, y los usuarios que siguen este patr\u00f3n no corren ning\u00fan riesgo y no necesitan tomar medidas. Los usuarios que no verifiquen una prueba de zkVM de un programa Steel deben actualizar su aplicaci\u00f3n para hacerlo, ya que este es un uso incorrecto de Steel."}], "id": "CVE-2025-52884", "lastModified": "2025-06-26T18:58:14.280", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.7, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-06-24T21:15:26.207", "references": [{"source": "security-advisories@github.com", "url": "https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain"}, {"source": "security-advisories@github.com", "url": "https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63"}, {"source": "security-advisories@github.com", "url": "https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98"}, {"source": "security-advisories@github.com", "url": "https://github.com/risc0/risc0-ethereum/pull/605"}, {"source": "security-advisories@github.com", "url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1"}, {"source": "security-advisories@github.com", "url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0"}, {"source": "security-advisories@github.com", "url": "https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-159"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{}