CVE-2025-70954
HIGH
TON Blockchain < v2025.06 - Denial of Service via Null Pointer Dereference in TVM INMSGPARAM Instruction
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.
References (5)
Core: 4, Other ecosystem: 1
Core References
Other Ecosystem Writeups (1)
Various Sources
https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg
Scores
CVSS v3: 7.5
EPSS: 0.0055
EPSS Percentile: 41.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-476
Status: published
Published: Feb 13, 2026
Tracked Since: Feb 18, 2026