Description

A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.

INFO

Published Date :

2026-02-13T00:00:00.000Z

Last Modified :

2026-02-17T18:29:09.899Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-70954 vulnerability.

Vendors Products
Ton-blockchain
  • Ton
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-70954.

URL Resource
https://gist.github.com/Lucian-code233/04940a264cab50732cc07fd991749226 cve-icon cve-icon
https://github.com/ton-blockchain/ton/commit/9e5109d56bc4f2345a00b2271c3711103841b799 cve-icon cve-icon
https://github.com/ton-blockchain/ton/releases/tag/v2025.06#:~:text=AArayz%2C%20wy666444%2C%20Robinlzw%2C%20Lucian-code233 cve-icon cve-icon
https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg cve-icon cve-icon
https://www.tonbit.xyz/blog/post/TonBit-Discovers-Critical-Vulnerability-on-TON-Virtual-Machine-for-the-Third-Time-Once-Again-Receiving-Official-Recognition-from-the-TON-Team.html cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact