CVE-2025-70955 is a stack overflow vulnerability discovered in the TON Virtual Machine (TVM) versions before 2024.10. The root cause is improper handling of vmstate and continuation jump instructions, which enable continuous dynamic tail calls within the virtual machine. An attacker can exploit this by deploying a malicious smart contract containing deeply nested jump logic that triggers these tail calls repeatedly. Despite operating within the permissible gas limits, this nested execution exhausts the stack space allocated to the host process running the validator node. The stack overflow causes the validator node process to crash, leading to a Denial of Service (DoS) condition on the TON blockchain network. This vulnerability does not affect confidentiality or integrity but severely impacts availability. The attack vector is network-based, requiring no privileges or user interaction, making it relatively easy to exploit remotely. The vulnerability is categorized under CWE-674 (Improper Control of a Resource Through a Reference to a Subresource). No patches or fixes are currently linked, indicating that users must monitor for updates and apply them promptly. The CVSS v3.1 base score is 7.5, reflecting high severity due to the ease of exploitation and significant impact on availability. No known exploits have been observed in the wild yet, but the potential for disruption to blockchain validator infrastructure is substantial.

The primary impact of CVE-2025-70955 is a Denial of Service (DoS) against validator nodes in the TON blockchain network. By crashing validator nodes, attackers can disrupt consensus and transaction validation, potentially delaying or halting blockchain operations. This undermines the availability and reliability of the TON blockchain, affecting all users and services dependent on it. Organizations operating validator nodes face operational downtime, loss of trust, and potential financial losses due to service interruptions. Indirectly, decentralized applications (dApps) and smart contracts relying on the TON blockchain may experience degraded performance or failures. The vulnerability does not compromise data confidentiality or integrity but poses a critical threat to network stability. Given the decentralized nature of blockchain, widespread exploitation could fragment the network or reduce its resilience. The ease of remote exploitation without authentication increases the risk of automated attacks or large-scale DoS campaigns targeting the TON ecosystem.

To mitigate CVE-2025-70955, organizations should: 1) Upgrade the TON Virtual Machine to version 2024.10 or later once patches are released that address the stack overflow issue. 2) Implement runtime limits on the depth of continuation jumps and stack usage within smart contract execution environments to prevent excessive recursion or nested calls. 3) Monitor validator node logs and system metrics for signs of stack exhaustion or abnormal crashes indicative of exploitation attempts. 4) Employ network-level protections such as rate limiting and anomaly detection to identify and block suspicious smart contract deployment or invocation patterns. 5) Engage with the TON developer community to stay informed about patches, advisories, and best practices. 6) Consider deploying redundant validator nodes and failover mechanisms to maintain blockchain availability during potential attacks. 7) Conduct thorough code reviews and testing of smart contracts to detect and prevent malicious nested jump logic before deployment. These measures go beyond generic advice by focusing on specific runtime controls and operational monitoring tailored to the nature of this vulnerability.