CVE-2025-70954
📋 TL;DR
A Null Pointer Dereference vulnerability in TON Blockchain's TVM allows attackers to crash validator nodes by sending malicious transactions. This causes Denial of Service (DoS) affecting blockchain network availability. All TON Blockchain validator nodes running vulnerable versions are affected.
💻 Affected Systems
- TON Blockchain
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Massive network disruption with multiple validator nodes crashing simultaneously, potentially halting block production and transaction processing across the entire TON blockchain.
Likely Case
Targeted DoS attacks against specific validator nodes causing temporary unavailability and potential loss of staking rewards for affected validators.
If Mitigated
Isolated node crashes with minimal network impact due to validator redundancy and quick patching.
🎯 Exploit Status
Exploitation requires crafting specific malicious transactions targeting the INMSGPARAM instruction.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2025.06
Vendor Advisory: https://github.com/ton-blockchain/ton/releases/tag/v2025.06
Restart Required: Yes
Instructions:
1. Stop TON validator service.
2. Backup configuration and data.
3. Update to v2025.06 using official release.
4. Restart validator service.
🔧 Temporary Workarounds
Transaction Filtering
Implement custom transaction filtering to block suspicious INMSGPARAM instructions
🧯 If You Can't Patch
- Implement network-level DDoS protection to filter malicious transactions
- Increase validator redundancy to maintain network availability during targeted attacks
🔍 How to Verify
Check if Vulnerable:
Check TON version with: ton-node --version
Check Version:
ton-node --version
Verify Fix Applied:
Verify version is v2025.06 or later and monitor for segmentation faults
📡 Detection & Monitoring
Log Indicators:
- Segmentation fault errors in validator logs
- Unexpected node crashes
- INMSGPARAM instruction failures
Network Indicators:
- Unusual transaction patterns targeting specific opcodes
- Sudden validator node disconnections
SIEM Query:
source="ton-validator.log" AND ("segmentation fault" OR "null pointer" OR "INMSGPARAM")
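The "Verify Fix Applied" step and the SIEM query above can be combined into one offline check. This is an added example, not code from the TON project or from this advisory's authors. It assumes the version string contains a `vYYYY.MM` release tag like the patch version above; the version output and log lines are constructed samples, and `is_patched` and `scan_log` are hypothetical helper names.

```python
import re
from collections import Counter

FIXED = (2025, 6)  # patch version v2025.06, as stated in this advisory

# Terms taken from the SIEM query above, matched case-insensitively.
INDICATORS = ("segmentation fault", "null pointer", "INMSGPARAM")

# Assumption: release tags look like vYYYY.MM (the format of the patch tag).
_TAG_RE = re.compile(r"\bv?(\d{4})\.(\d{2})\b")

def is_patched(version_output):
    """True if at or above the fixed release, False if older,
    None if no release tag can be found (needs manual review)."""
    m = _TAG_RE.search(version_output)
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2))) >= FIXED

def scan_log(lines):
    """Apply the SIEM terms to log lines.
    Returns (hit count per term, [(line number, matched terms, line)])."""
    counts, hits = Counter(), []
    for number, line in enumerate(lines, 1):
        lowered = line.lower()
        matched = [t for t in INDICATORS if t.lower() in lowered]
        if matched:
            counts.update(matched)
            hits.append((number, matched, line.rstrip()))
    return counts, hits

# Constructed sample data, not real validator output.
SAMPLE_VERSION = "ton-node v2025.04"
SAMPLE_LOG = [
    "2025-06-02 10:14:07 [info] block applied seqno=1001",
    "2025-06-02 10:14:09 [error] vm: INMSGPARAM failed during execution",
    "2025-06-02 10:14:09 [fatal] Segmentation fault (core dumped)",
    "2025-06-02 10:14:31 [info] validator started",
]

if __name__ == "__main__":
    print("patched:", is_patched(SAMPLE_VERSION))
    counts, hits = scan_log(SAMPLE_LOG)
    for number, matched, line in hits:
        print(f"line {number} {matched}: {line}")
    print(dict(counts))
```

A `None` result from `is_patched` means the version could not be read and should be treated as unverified rather than as patched.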
🔗 References
- https://gist.github.com/Lucian-code233/04940a264cab50732cc07fd991749226
- https://github.com/ton-blockchain/ton/commit/9e5109d56bc4f2345a00b2271c3711103841b799
- https://github.com/ton-blockchain/ton/releases/tag/v2025.06#:~:text=AArayz%2C%20wy666444%2C%20Robinlzw%2C%20Lucian-code233
- https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg
- https://www.tonbit.xyz/blog/post/TonBit-Discovers-Critical-Vulnerability-on-TON-Virtual-Machine-for-the-Third-Time-Once-Again-Receiving-Official-Recognition-from-the-TON-Team.html