
CVE-2025-70957: n/a

Severity: High
Type: Vulnerability
Published: Fri Feb 13 2026 (02/13/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.

AI-Powered Analysis

Machine-generated threat intelligence. Last updated: 02/20/2026, 22:27:49 UTC

Technical Analysis

CVE-2025-70957 is a Denial of Service vulnerability identified in the TON Lite Server prior to version 2024.09. The vulnerability arises from the server's handling of external arguments passed to locally executed "get methods." Specifically, an attacker can inject a crafted Continuation object, which is an internal type used by the TON Virtual Machine (TVM) to represent execution state. Normally, such Continuation objects are restricted and controlled within the VM environment to prevent abuse. However, due to insufficient validation or sanitization of external inputs, an attacker can supply a malicious Continuation that, when executed by the TVM, triggers excessive CPU consumption. This is exacerbated by the fact that the virtual gas cost accounting mechanism underestimates the computational expense of this malicious continuation, effectively allowing the attacker to perform "free" computation. The result is that the Lite Server's processing resources become monopolized by the attacker's workload, severely degrading throughput and causing denial of service conditions for legitimate users accessing the gateway. The vulnerability does not impact confidentiality or integrity but has a high impact on availability. It can be exploited remotely without authentication or user interaction, increasing its risk profile. The underlying weakness corresponds to CWE-674 (Improper Control of a Resource Through a Client-Controllable Parameter). No patches or exploits are currently documented, but the vulnerability is publicly disclosed with a CVSS v3.1 base score of 7.5, indicating high severity.

Potential Impact

The primary impact of CVE-2025-70957 is a Denial of Service condition on TON Lite Servers, which are critical components in the TON blockchain infrastructure. By exhausting CPU resources through malicious Continuation objects, attackers can significantly reduce the server's throughput and responsiveness. This can disrupt services relying on the Lite Server gateway, including transaction processing, smart contract interactions, and blockchain state queries. For organizations operating TON-based services, this could lead to service outages, degraded user experience, and potential financial losses due to downtime. The vulnerability does not compromise data confidentiality or integrity but severely affects availability, which is crucial for blockchain network reliability. Since exploitation requires no authentication and can be performed remotely, the attack surface is broad. If exploited at scale, it could impact multiple nodes, potentially destabilizing the network or causing cascading failures. The lack of known exploits in the wild suggests limited current exploitation but also highlights the need for proactive mitigation to prevent future attacks.

Mitigation Recommendations

To mitigate CVE-2025-70957, organizations should upgrade TON Lite Server instances to version 2024.09 or later once patches are released that address the improper handling of Continuation objects. Until official patches are available, administrators should implement strict input validation and sanitization on all external arguments passed to locally executed "get methods" to prevent injection of malicious Continuations. Network-level protections such as rate limiting, IP reputation filtering, and anomaly detection can help identify and block suspicious traffic patterns indicative of resource exhaustion attempts. Deploying resource usage monitoring and alerting on CPU consumption spikes can enable early detection of ongoing attacks. Additionally, isolating Lite Server processes and applying resource quotas or cgroups can limit the impact of excessive CPU usage. Collaborating with the TON community and monitoring official advisories for updates and patches is essential. Finally, consider deploying Web Application Firewalls (WAFs) or custom filters that inspect and block malformed or suspicious Continuation objects in incoming requests.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2026-01-09T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 698f9fdcc9e1ff5ad86c396a

Added to database: 2/13/2026, 10:04:12 PM

Last enriched: 2/20/2026, 10:27:49 PM

Last updated: 3/31/2026, 3:37:07 AM

