Vulnerability Description
A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initializing child virtual machines. The operation moves critical resources (specifically libraries and log) from the parent state to a new child state in a non-atomic manner. If an Out-of-Gas (OOG) exception occurs after resources are moved but before the state transition is finalized, the parent VM retains a corrupted state where these resources are emptied/invalid. Because RUNVM supports gas isolation, the parent VM continues execution with this corrupted state, leading to unexpected behavior or denial of service within the contract's context.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://gist.github.com/Lucian-code233/beab9d14683ed2bdf5543be430b91c70
- https://github.com/ton-blockchain/ton/commit/1835d84602bbaaa1593270d7ab3bb0b4999
- https://github.com/ton-blockchain/ton/releases/tag/v2025.04#:~:text=Arayz%2C%20R
- https://mp.weixin.qq.com/s/ZD35baKUikefFdtNHZIC9g
FAQ
What is CVE-2025-70956?
CVE-2025-70956 is a vulnerability with a CVSS score of 7.5 (HIGH). A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initi...
How severe is CVE-2025-70956?
CVE-2025-70956 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-70956?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.