CVE-2025-61588
📋 TL;DR
This vulnerability in RISC Zero's zkVM platform allows a malicious host to write arbitrary data to guest memory locations when the guest calls sys_read. This can lead to arbitrary code execution within the guest, compromising the soundness guarantees of zero-knowledge proofs. All guest programs built with affected versions are vulnerable.
💻 Affected Systems
- risc0-zkvm-platform
- risc0-aggregation
- risc0-zkos-v1compat
- risc0-zkvm
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of guest program integrity, allowing arbitrary code execution that could steal sensitive data, manipulate proof computations, or disrupt system operations.
Likely Case
Malicious hosts exploiting the vulnerability to manipulate guest computations, potentially leading to incorrect zero-knowledge proof results or data leakage.
If Mitigated
Limited impact if proper host authentication and isolation controls are in place, though the fundamental vulnerability remains.
🎯 Exploit Status
Exploitation requires the attacker to control the host environment or compromise the host system. The vulnerability is in the guest-host communication mechanism.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: risc0-zkvm-platform 2.1.0, risc0-zkos-v1compat 2.1.0, risc0-aggregation 0.9, risc0-zkvm 2.3.2 or 3.0.3
Vendor Advisory: https://github.com/risc0/risc0/security/advisories/GHSA-jqq4-c7wq-36h7
Restart Required: Yes
Instructions:
1. Identify which RISC Zero packages you're using.
2. Update to patched versions: risc0-zkvm-platform to 2.1.0+, risc0-zkos-v1compat to 2.1.0+, risc0-aggregation to 0.9+, risc0-zkvm to 2.3.2+ or 3.0.3+.
3. Rebuild and redeploy all guest programs with updated dependencies.
🔧 Temporary Workarounds
Host Environment Hardening
Implement strict access controls and monitoring on host systems to prevent unauthorized access to the RISC Zero host environment.
Input Validation Layer
Add an input validation and sanitization layer between guest sys_read calls and the host responses that fill them.
🧯 If You Can't Patch
- Isolate RISC Zero host environments from untrusted networks and users.
- Implement strict monitoring and alerting for unusual guest program behavior or memory access patterns.
🔍 How to Verify
Check if Vulnerable:
Check package versions in your Cargo.toml or dependency files for affected versions of risc0-zkvm-platform, risc0-aggregation, risc0-zkos-v1compat, or risc0-zkvm.
Check Version:
Run cargo tree | grep risc0, or check the Cargo.toml and Cargo.lock files for risc0 dependencies.
Verify Fix Applied:
Verify that the package versions resolved in Cargo.lock or your dependency manifests are at or above the patched versions: risc0-zkvm-platform ≥2.1.0, risc0-aggregation ≥0.9, risc0-zkos-v1compat ≥2.1.0, risc0-zkvm ≥2.3.2 or ≥3.0.3.
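As an added example (not from the advisory or the RISC Zero project), the following script parses a Cargo.lock and reports affected risc0 crates that sit below the fixed versions listed above. The lockfile contents are constructed; the script handles the two fix lines for risc0-zkvm, where 3.0.1 is numerically above 2.3.2 but still unpatched, and treats pre-releases as below the corresponding release.

```python
import re

# Minimum fixed versions from the advisory. risc0-zkvm was fixed on two
# release lines (2.3.2 and 3.0.3), so 3.0.1 is still vulnerable even though
# it is numerically above 2.3.2.
FIXED = {
    "risc0-zkvm-platform": ["2.1.0"],
    "risc0-zkos-v1compat": ["2.1.0"],
    "risc0-aggregation": ["0.9"],
    "risc0-zkvm": ["2.3.2", "3.0.3"],
}

# Matches the name/version pair of each [[package]] entry in a Cargo.lock.
PKG_RE = re.compile(r'\[\[package\]\]\s*name = "([^"]+)"\s*version = "([^"]+)"')


def parse_version(text):
    """'2.1.0-rc.1' -> ((2, 1, 0), False); a pre-release sorts below the release."""
    core, _, pre = text.partition("-")
    nums = [int(x) for x in core.split(".")]
    nums += [0] * (3 - len(nums))          # '0.9' compares as 0.9.0
    return (tuple(nums), pre == "")


def is_fixed(name, version):
    """True if this crate version is at or above the fix on its release line."""
    fixed = [parse_version(v) for v in FIXED[name]]
    same_major = [f for f in fixed if f[0][0] == version[0][0]]
    if same_major:
        return version >= same_major[0]
    return version > max(fixed)            # newer major than any fix line


def vulnerable_packages(lockfile_text):
    """Return [(name, version)] for affected risc0 crates below their fix."""
    return [(name, ver) for name, ver in PKG_RE.findall(lockfile_text)
            if name in FIXED and not is_fixed(name, parse_version(ver))]


# Constructed sample lockfile (not from any real project) mixing fixed and unfixed crates.
SAMPLE_LOCK = """\
[[package]]
name = "risc0-zkvm"
version = "3.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "risc0-zkvm-platform"
version = "2.1.0"

[[package]]
name = "risc0-aggregation"
version = "0.8.2"
"""

if __name__ == "__main__":
    for name, ver in vulnerable_packages(SAMPLE_LOCK):
        print(f"{name} {ver}: below fixed version(s) {', '.join(FIXED[name])}")
```

Run it against the real file with `vulnerable_packages(open("Cargo.lock").read())`; a crate can appear more than once in a lockfile, and every copy is checked.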
📡 Detection & Monitoring
Log Indicators:
- Unusual memory access patterns in guest programs
- Multiple failed sys_read operations
- Guest program crashes or unexpected behavior
Network Indicators:
- Unusual network traffic to/from RISC Zero host systems
- Unexpected data transfers during proof generation
SIEM Query:
Search for process executions containing 'risc0' with abnormal memory access patterns or unexpected sys_read operations