CVE-2025-52884
CVE-2025-52884 is a low-severity vulnerability with a CVSS 4.0 base score of 1.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-159.
Key facts
- Severity: Low (CVSS 4.0 base score 1.7)
- EPSS exploit prediction: 0% (27th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-19064
- Weakness: CWE-159
- Published:
- Last modified:
Description
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.
Frequently asked questions
- What is CVE-2025-52884?
- RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.
- How severe is CVE-2025-52884?
- CVE-2025-52884 has a CVSS 4.0 base score of 1.7, rated low severity.
- Is CVE-2025-52884 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (27th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-52884?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-52884 have an EU (EUVD) identifier?
- Yes. CVE-2025-52884 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-19064.
- When was CVE-2025-52884 published?
- CVE-2025-52884 was published on 2025-06-24 and last updated on 2026-06-17.
References
- https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain
- https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63
- https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98
- https://github.com/risc0/risc0-ethereum/pull/605
- https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1
- https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0
- https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2
Other CWE-159 vulnerabilities
- CVE-2019-9505 — Critical (CVSS 9.8): The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special…
- CVE-2020-1648 — High (CVSS 7.5): On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing…
- CVE-2020-1646 — High (CVSS 7.5): On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a…
- CVE-2026-35536 — High (CVSS 7.2): In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to…
- CVE-2026-2636 — Medium (CVSS 5.5): This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which…
- CVE-2021-42375 — Medium (CVSS 5.5): An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted…