
CVE-2025-52884: RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment

June 25, 2025 (updated November 10, 2025)

Prior to 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library function will return true for a crafted commitment with a digest value of zero.

This violates the semantics of validateCommitment, since such a commitment does not commit to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and no known openings exist. As a result, this commitment will never be produced by a correct zkVM guest using Steel. Leveraging this bug to compromise the soundness of an application using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs (e.g. having the guest commit to a digest of zero, or failing to check the zkVM proof).

Because this bug does not risk application integrity, correctly written applications are not at risk.
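The consumer-side pattern the advisory relies on (a verified zkVM proof binding the guest's journal, plus the Steel commitment check), as an added illustration that is not code from the risc0-ethereum repository: a minimal Solidity consumer that rejects a zero digest as defence in depth while still on a version before 2.1.1, validates the commitment, and verifies the seal against the journal. The `Steel.Commitment` field names, `Steel.validateCommitment`, `IRiscZeroVerifier.verify` and the import paths are assumed from the library's public interface; the `Journal` layout is a constructed example.

```solidity
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.20;

// Assumed import paths and interfaces from the risc0-ethereum Steel library's
// public API; check them against the version your project depends on.
import {IRiscZeroVerifier} from "risc0/IRiscZeroVerifier.sol";
import {Steel} from "risc0/steel/Steel.sol";

/// Constructed example consumer: it does not trust validateCommitment alone.
contract ConstructedSteelConsumer {
    /// Constructed journal layout: the guest commits to the Steel commitment
    /// plus whatever application value it proved (here a single uint256).
    struct Journal {
        Steel.Commitment commitment; // assumed fields: id, digest, configID
        uint256 provedValue;
    }

    IRiscZeroVerifier public immutable verifier;
    bytes32 public immutable imageId; // image ID of the expected guest program
    uint256 public lastValue;

    constructor(IRiscZeroVerifier _verifier, bytes32 _imageId) {
        verifier = _verifier;
        imageId = _imageId;
    }

    function submit(bytes calldata journalData, bytes calldata seal) external {
        Journal memory journal = abi.decode(journalData, (Journal));

        // 1. Defence in depth for versions before 2.1.1: a zero digest never
        //    corresponds to a real block, so reject it before anything else.
        require(journal.commitment.digest != bytes32(0), "zero digest");

        // 2. The library check: the committed block must be in the current chain.
        require(Steel.validateCommitment(journal.commitment), "invalid commitment");

        // 3. Bind the journal (and with it the commitment) to a valid zkVM proof
        //    of the expected guest. Skipping this step is the "misuse" the
        //    advisory names: without it any caller could hand in an arbitrary
        //    commitment, and this is the check that keeps integrity intact.
        verifier.verify(seal, imageId, sha256(journalData));

        lastValue = journal.provedValue;
    }
}
```

Once upgraded to 2.1.1 or later the explicit zero-digest check in step 1 is redundant, but it is harmless to keep.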

References

  • docs.beboundless.xyz/developers/steel/how-it-works
  • github.com/advisories/GHSA-gjv3-89hh-9xq2
  • github.com/risc0/risc0-ethereum
  • github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol
  • github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98
  • github.com/risc0/risc0-ethereum/pull/605
  • github.com/risc0/risc0-ethereum/releases/tag/v2.1.1
  • github.com/risc0/risc0-ethereum/releases/tag/v2.2.0
  • github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2
  • nvd.nist.gov/vuln/detail/CVE-2025-52884


Affected versions

All versions before 2.1.1

Fixed versions

  • 2.1.1

Solution

Upgrade to version 2.1.1 or above.

Impact: 3.7 LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N


Weakness

  • CWE-159: Improper Handling of Invalid Use of Special Elements

Source file

cargo/risc0-ethereum-contracts/CVE-2025-52884.yml

Page generated Sat, 29 Nov 2025 12:18:29 +0000.