Description

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages.

INFO

Published Date :

2025-08-05T23:35:09.208Z

Last Modified :

2025-08-06T13:53:46.107Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54873 vulnerability.

Vendors Products
Risc Zero Project
  • Risc Zero
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54873.

URL Resource
https://github.com/risc0/risc0/pull/3235 cve-icon cve-icon
https://github.com/risc0/risc0/security/advisories/GHSA-f6rc-24x4-ppxp cve-icon cve-icon
https://github.com/risc0/zirgen/pull/249 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability