Description

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute arbitrary code within the guest. As sys_read is the mechanism by which input is requested by the guest, all guest programs built with the affected versions are vulnerable. This critically compromises the soundness guarantees of the guest program. Other affected packages include risc0-aggregation versions below 0.9, risc0-zkos-v1compat below 2.1.0, risc0-zkvm versions between 3.0.0-rc.1 and 3.0.1. This issue has been fixed in the following versions: risc0-zkvm-platform 2.1.0, risc0-zkos-v1compat 2.1.0, risc0-aggregation 0.9, and risc0-zkvm 2.3.2 and 3.0.3.

INFO

Published Date :

2025-10-01T23:30:26.257Z

Last Modified :

2025-10-02T18:01:05.528Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61588 vulnerability.

Vendors Products
Risc Zero Project
  • Risc Zero
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61588.

URL Resource
https://github.com/risc0/risc0/commit/3f00e1fa0159599c1601e788021f2169d1f0a4dc cve-icon cve-icon
https://github.com/risc0/risc0/pull/3351 cve-icon cve-icon
https://github.com/risc0/risc0/security/advisories/GHSA-jqq4-c7wq-36h7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability