
CVE-2025-70956: n/a

Severity: High
Type: Vulnerability
Published: Fri Feb 13 2026 (02/13/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-70956 is a high-severity vulnerability in the TON Virtual Machine (TVM) affecting versions before v2025.04. The flaw resides in the RUNVM instruction logic responsible for initializing child virtual machines, where critical resources are transferred from the parent to child state non-atomically. If an Out-of-Gas (OOG) exception occurs after resource transfer but before finalizing the state transition, the parent VM ends up with a corrupted state missing essential resources. This corrupted state causes the parent VM to continue execution abnormally, potentially leading to denial of service within the smart contract's execution context. The vulnerability does not impact confidentiality or integrity but severely affects availability. Exploitation requires no privileges or user interaction and can be triggered remotely. No known exploits are reported in the wild yet, and no patches have been linked. Organizations using the TON blockchain platform and its smart contracts are at risk, especially those relying on TVM for contract execution. Mitigation requires careful atomic handling of resource transfers during VM state transitions and monitoring for OOG exceptions.

AI-Powered Analysis

Last updated: 02/20/2026, 22:37:02 UTC

Technical Analysis

CVE-2025-70956 identifies a state pollution vulnerability within the TON Virtual Machine (TVM) prior to version 2025.04. The vulnerability is rooted in the RUNVM instruction logic, specifically in the VmState::run_child_vm function, which initializes child virtual machines by transferring critical resources such as libraries and logs from the parent VM state to the child VM state. This transfer is performed in a non-atomic manner, meaning the operation is not completed as a single indivisible step. If an Out-of-Gas (OOG) exception occurs after the resources have been moved but before the state transition is finalized, the parent VM is left in a corrupted state where these critical resources are emptied or invalid. Despite this corrupted state, the parent VM continues execution due to gas isolation mechanisms, leading to unexpected behavior or denial of service within the smart contract's execution context. The vulnerability impacts the availability of the contract execution environment but does not compromise confidentiality or integrity. The CVSS v3.1 score is 7.5 (high severity), reflecting the network attack vector, low complexity, no privileges required, no user interaction, and unchanged scope. No patches or known exploits are currently available, indicating the need for proactive mitigation. The underlying CWE is CWE-1321, which relates to improper state handling in virtual machines or interpreters.

Potential Impact

The primary impact of CVE-2025-70956 is a denial of service condition within smart contracts running on the TON Virtual Machine. By corrupting the parent VM state during child VM initialization, the vulnerability can cause contracts to behave unpredictably or halt execution, disrupting blockchain operations dependent on these contracts. This can affect decentralized applications (dApps), financial transactions, and other services relying on TVM for execution integrity. Since the vulnerability does not affect confidentiality or integrity, data leakage or unauthorized modification is unlikely. However, the availability impact can undermine trust in the affected blockchain platform and cause financial or operational losses for organizations relying on uninterrupted smart contract execution. The ease of exploitation (no privileges or user interaction required) and remote attack vector increase the risk of automated attacks or exploitation attempts once the vulnerability becomes widely known. Organizations running nodes or developing smart contracts on TON must consider the risk of service disruption and potential cascading effects on dependent systems and users.

Mitigation Recommendations

To mitigate CVE-2025-70956, developers and operators of the TON Virtual Machine should implement atomic state transitions when moving resources between parent and child VMs. This can be achieved by redesigning the RUNVM instruction logic to ensure that resource transfer and state finalization occur as a single atomic operation, preventing partial state corruption if an OOG exception occurs. Additionally, introducing robust exception handling and rollback mechanisms to restore the parent VM state upon failure during child VM initialization will prevent corrupted states from persisting. Monitoring and alerting for OOG exceptions during contract execution can help detect exploitation attempts or abnormal behavior early. Smart contract developers should also design contracts to minimize gas exhaustion risks and test for edge cases involving resource transfers. Until official patches are released, organizations should consider restricting or closely monitoring contract deployments that utilize RUNVM instructions. Participation in the TON developer community and applying updates promptly once patches become available is critical. Finally, conducting thorough code audits focusing on VM state management and resource handling will reduce the risk of similar vulnerabilities.
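
The non-atomic transfer described under Technical Analysis and the rollback recommended above can be seen side by side in a small model. This is an added example, not TON source code or the project's fix: `ToyVm`, `OutOfGas`, `kChildSetupCost` and both `run_child_*` functions are hypothetical names, and the single gas charge stands in for whatever step raises the OOG exception.

```cpp
// Toy model of the pattern, not TON source code; all names are hypothetical.
#include <map>
#include <string>
#include <utility>
#include <vector>

struct OutOfGas {};  // stand-in for the VM's out-of-gas exception

struct ToyVm {
    std::map<std::string, std::string> libraries;
    std::vector<std::string> log;
    long gas = 0;
    void consume(long n) { if (n > gas) { gas = 0; throw OutOfGas{}; } gas -= n; }
};

constexpr long kChildSetupCost = 100;  // constructed value

ToyVm make_parent() {  // constructed sample state
    ToyVm p;
    p.libraries["lib_a"] = "constructed"; p.log = {"entry-1"}; p.gas = 1000;
    return p;
}

// Non-atomic: resources leave the parent before a step that can throw.
bool run_child_nonatomic(ToyVm& parent, long child_gas) {
    ToyVm child; child.gas = child_gas;
    child.libraries = std::exchange(parent.libraries, {});
    child.log = std::exchange(parent.log, {});
    try { child.consume(kChildSetupCost); }
    catch (const OutOfGas&) { return false; }  // isolated failure: parent runs on, emptied
    parent.libraries = std::move(child.libraries);
    parent.log = std::move(child.log);
    return true;
}

// Hardened: a scope guard hands the resources back on every exit path.
bool run_child_atomic(ToyVm& parent, long child_gas) {
    ToyVm child; child.gas = child_gas;
    struct Restore {
        ToyVm& p; ToyVm& c;
        ~Restore() { p.libraries = std::move(c.libraries); p.log = std::move(c.log); }
    } restore{parent, child};
    child.libraries = std::exchange(parent.libraries, {});
    child.log = std::exchange(parent.log, {});
    try { child.consume(kChildSetupCost); }
    catch (const OutOfGas&) { return false; }
    return true;
}

int main() { ToyVm p = make_parent(); run_child_atomic(p, 10); return p.libraries.empty(); }
```

A regression test for a fix of this class asserts on the parent's resources after a failed child start, not only on the return code.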


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2026-01-09T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 698f98d5c9e1ff5ad868bfb8

Added to database: 2/13/2026, 9:34:13 PM

Last enriched: 2/20/2026, 10:37:02 PM

Last updated: 2/21/2026, 12:18:54 AM
