Description

OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0.

INFO

Published Date :

2025-05-02T22:18:55.696Z

Last Modified :

2025-05-06T14:37:52.764Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-46723 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-46723.

URL Resource
https://cantina.xyz/code/c486d600-bed0-4fc6-aed1-de759fd29fa2/findings/21 cve-icon cve-icon
https://github.com/openvm-org/openvm/blob/0f94c8a3dfa7536c1231465d1bdee5fc607a5993/extensions/rv32im/circuit/src/auipc/core.rs#L135 cve-icon cve-icon
https://github.com/openvm-org/openvm/commit/68da4b50c033da5603517064aa0a08e1bbf70a01 cve-icon cve-icon
https://github.com/openvm-org/openvm/releases/tag/v1.1.0 cve-icon cve-icon
https://github.com/openvm-org/openvm/security/advisories/GHSA-jf2r-x3j4-23m7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability