fkie_cve-2025-52884
Vulnerability from fkie_nvd
Published
2025-06-24 21:15
Modified
2025-06-26 18:58
Severity ?
1.7 (Low) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
Summary
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.
References
security-advisories@github.comhttps://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain
security-advisories@github.comhttps://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63
security-advisories@github.comhttps://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98
security-advisories@github.comhttps://github.com/risc0/risc0-ethereum/pull/605
security-advisories@github.comhttps://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1
security-advisories@github.comhttps://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0
security-advisories@github.comhttps://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel."
    },
    {
      "lang": "es",
      "value": "RISC Zero es una plataforma inform\u00e1tica general verificable de conocimiento cero, con integraci\u00f3n con Ethereum. El repositorio risc0-ethereum contiene los contratos del verificador de Solidity, la librer\u00eda de llamadas de vista Steel EVM y c\u00f3digo de soporte. En versiones anteriores a la 2.1.1 y la 2.2.0, la funci\u00f3n de la librer\u00eda de Solidity `Steel.validateCommitment` devolv\u00eda `true` para un compromiso manipulado con un valor de resumen de cero. Esto viola la sem\u00e1ntica de `validateCommitment`, ya que no se compromete con un bloque que est\u00e9 en la cadena actual. Dado que el resumen es cero, no corresponde a ning\u00fan bloque y no existen aperturas conocidas. Como resultado, este compromiso nunca ser\u00e1 producido por un invitado zkVM correcto que utilice Steel, y aprovechar este error para comprometer la solidez de un programa que utilice Steel requerir\u00eda un error separado o un mal uso de la librer\u00eda Steel, que se espera que se utilice para validar la ra\u00edz de las pruebas de apertura de estado. Se ha publicado una correcci\u00f3n como parte de `risc0-ethereum` 2.1.1 y 2.2.0. Los usuarios de la librer\u00eda `Steel` de Solidity, versiones 2.1.0 o anteriores, deben asegurarse de usar `Steel.validateCommitment` junto con la verificaci\u00f3n de pruebas de zkVM de un programa Steel, como se muestra en el contraejemplo ERC-20 y la documentaci\u00f3n. Este es el uso correcto de Steel, y los usuarios que siguen este patr\u00f3n no corren ning\u00fan riesgo y no necesitan tomar medidas. Los usuarios que no verifiquen una prueba de zkVM de un programa Steel deben actualizar su aplicaci\u00f3n para hacerlo, ya que este es un uso incorrecto de Steel."
    }
  ],
  "id": "CVE-2025-52884",
  "lastModified": "2025-06-26T18:58:14.280",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.7,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-24T21:15:26.207",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/risc0/risc0-ethereum/pull/605"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-159"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.