CVE-2025-70954: n/a
CVE-2025-70954 is a high-severity null pointer dereference vulnerability in the TON Virtual Machine (TVM) used by the TON Blockchain prior to version 2025. 06. The flaw exists in the execution logic of the INMSGPARAM instruction, where the software fails to check if a pointer is null before accessing it. An attacker can exploit this by sending a malicious transaction or smart contract that triggers a segmentation fault, causing the validator node process to crash. This leads to a Denial of Service (DoS) condition, impacting the availability of the entire blockchain network. No authentication or user interaction is required to exploit this vulnerability, and it can be triggered remotely over the network. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to blockchain stability until patched. Organizations running validator nodes on the TON Blockchain should prioritize updating to version 2025. 06 or later once available. The vulnerability is identified as CWE-476 (NULL Pointer Dereference) and carries a CVSS score of 7.
AI Analysis
Technical Summary
CVE-2025-70954 is a null pointer dereference vulnerability affecting the TON Virtual Machine (TVM), a core component of the TON Blockchain infrastructure. The vulnerability resides specifically in the execution logic of the INMSGPARAM instruction, which is responsible for handling message parameters within smart contract execution. The issue arises because the program does not verify whether a pointer is null before dereferencing it. When a maliciously crafted transaction or smart contract invokes this instruction with a null pointer, it causes the validator node process to crash due to a segmentation fault. This crash results in a Denial of Service (DoS) condition, disrupting the validator node's ability to participate in consensus and validate transactions. Since validator nodes are critical to maintaining blockchain availability and integrity, their failure can degrade network performance or cause temporary outages. The vulnerability requires no privileges or user interaction, making it remotely exploitable by anyone able to submit transactions to the network. The CVSS v3.1 base score of 7.5 reflects the high impact on availability (A:H) with network attack vector (AV:N), low attack complexity (AC:L), and no privileges required (PR:N). The vulnerability is categorized under CWE-476 (NULL Pointer Dereference), a common programming error that leads to crashes or undefined behavior. No patches or mitigations are linked yet, but upgrading to TON Blockchain version 2025.06 or later is expected to resolve the issue. No known exploits have been reported in the wild as of the publication date, but the potential for disruption to blockchain validator nodes is significant.
Potential Impact
The primary impact of CVE-2025-70954 is a Denial of Service (DoS) on validator nodes within the TON Blockchain network. Validator nodes are essential for transaction validation, consensus, and overall network stability. If an attacker exploits this vulnerability, they can cause one or more validator nodes to crash repeatedly, reducing the number of active validators and potentially degrading the network's fault tolerance and throughput. This can lead to slower transaction processing, temporary network outages, or even forks if consensus is disrupted. The availability impact is critical for organizations relying on the TON Blockchain for financial transactions, decentralized applications, or other services. While confidentiality and integrity are not directly affected, the disruption of service can undermine trust and cause financial or reputational damage. The ease of exploitation—requiring no authentication or user interaction—means that attackers can launch attacks at scale remotely. This vulnerability could also be leveraged in coordinated attacks to destabilize the blockchain network, affecting all participants globally. Until patched, organizations operating validator nodes face increased operational risk and potential downtime.
Mitigation Recommendations
To mitigate CVE-2025-70954, organizations should prioritize upgrading their TON Blockchain validator nodes to version 2025.06 or later, where the null pointer dereference issue has been addressed. In the absence of an immediate patch, operators can implement temporary protective measures such as input validation and transaction filtering at the network or application layer to detect and block malformed transactions that attempt to exploit the INMSGPARAM instruction. Monitoring validator node logs and crash reports can help identify exploitation attempts early. Deploying redundant validator nodes and load balancing can reduce the impact of individual node crashes on overall network availability. Additionally, implementing automated node restart mechanisms can minimize downtime caused by crashes. Network-level protections such as rate limiting and transaction submission controls can also reduce attack surface. Finally, maintaining up-to-date backups and disaster recovery plans ensures rapid restoration of validator services if disruption occurs. Collaboration with the TON Blockchain developer community for timely patch releases and security advisories is essential.
Affected Countries
United States, Germany, South Korea, Japan, Singapore, Switzerland, United Kingdom, Canada, Netherlands, Russia
CVE-2025-70954: n/a
Description
CVE-2025-70954 is a high-severity null pointer dereference vulnerability in the TON Virtual Machine (TVM) used by the TON Blockchain prior to version 2025. 06. The flaw exists in the execution logic of the INMSGPARAM instruction, where the software fails to check if a pointer is null before accessing it. An attacker can exploit this by sending a malicious transaction or smart contract that triggers a segmentation fault, causing the validator node process to crash. This leads to a Denial of Service (DoS) condition, impacting the availability of the entire blockchain network. No authentication or user interaction is required to exploit this vulnerability, and it can be triggered remotely over the network. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to blockchain stability until patched. Organizations running validator nodes on the TON Blockchain should prioritize updating to version 2025. 06 or later once available. The vulnerability is identified as CWE-476 (NULL Pointer Dereference) and carries a CVSS score of 7.
AI-Powered Analysis
Technical Analysis
CVE-2025-70954 is a null pointer dereference vulnerability affecting the TON Virtual Machine (TVM), a core component of the TON Blockchain infrastructure. The vulnerability resides specifically in the execution logic of the INMSGPARAM instruction, which is responsible for handling message parameters within smart contract execution. The issue arises because the program does not verify whether a pointer is null before dereferencing it. When a maliciously crafted transaction or smart contract invokes this instruction with a null pointer, it causes the validator node process to crash due to a segmentation fault. This crash results in a Denial of Service (DoS) condition, disrupting the validator node's ability to participate in consensus and validate transactions. Since validator nodes are critical to maintaining blockchain availability and integrity, their failure can degrade network performance or cause temporary outages. The vulnerability requires no privileges or user interaction, making it remotely exploitable by anyone able to submit transactions to the network. The CVSS v3.1 base score of 7.5 reflects the high impact on availability (A:H) with network attack vector (AV:N), low attack complexity (AC:L), and no privileges required (PR:N). The vulnerability is categorized under CWE-476 (NULL Pointer Dereference), a common programming error that leads to crashes or undefined behavior. No patches or mitigations are linked yet, but upgrading to TON Blockchain version 2025.06 or later is expected to resolve the issue. No known exploits have been reported in the wild as of the publication date, but the potential for disruption to blockchain validator nodes is significant.
Potential Impact
The primary impact of CVE-2025-70954 is a Denial of Service (DoS) on validator nodes within the TON Blockchain network. Validator nodes are essential for transaction validation, consensus, and overall network stability. If an attacker exploits this vulnerability, they can cause one or more validator nodes to crash repeatedly, reducing the number of active validators and potentially degrading the network's fault tolerance and throughput. This can lead to slower transaction processing, temporary network outages, or even forks if consensus is disrupted. The availability impact is critical for organizations relying on the TON Blockchain for financial transactions, decentralized applications, or other services. While confidentiality and integrity are not directly affected, the disruption of service can undermine trust and cause financial or reputational damage. The ease of exploitation—requiring no authentication or user interaction—means that attackers can launch attacks at scale remotely. This vulnerability could also be leveraged in coordinated attacks to destabilize the blockchain network, affecting all participants globally. Until patched, organizations operating validator nodes face increased operational risk and potential downtime.
Mitigation Recommendations
To mitigate CVE-2025-70954, organizations should prioritize upgrading their TON Blockchain validator nodes to version 2025.06 or later, where the null pointer dereference issue has been addressed. In the absence of an immediate patch, operators can implement temporary protective measures such as input validation and transaction filtering at the network or application layer to detect and block malformed transactions that attempt to exploit the INMSGPARAM instruction. Monitoring validator node logs and crash reports can help identify exploitation attempts early. Deploying redundant validator nodes and load balancing can reduce the impact of individual node crashes on overall network availability. Additionally, implementing automated node restart mechanisms can minimize downtime caused by crashes. Network-level protections such as rate limiting and transaction submission controls can also reduce attack surface. Finally, maintaining up-to-date backups and disaster recovery plans ensures rapid restoration of validator services if disruption occurs. Collaboration with the TON Blockchain developer community for timely patch releases and security advisories is essential.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 698f9c59c9e1ff5ad86a8ec7
Added to database: 2/13/2026, 9:49:13 PM
Last enriched: 2/20/2026, 10:33:47 PM
Last updated: 2/20/2026, 11:30:44 PM
Views: 44
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-27134: CWE-287: Improper Authentication in strimzi strimzi-kafka-operator
HighCVE-2026-27190: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in denoland deno
HighCVE-2026-27026: CWE-770: Allocation of Resources Without Limits or Throttling in py-pdf pypdf
MediumCVE-2026-27025: CWE-834: Excessive Iteration in py-pdf pypdf
MediumCVE-2026-27024: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') in py-pdf pypdf
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.