CVE-2025-52484: zkVM Underconstrained Vulnerability
Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction (including remu and divu) in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 is vulnerable to an attack by a malicious prover. The attack works by confusing the RISC-V virtual machine into treating the value of the rs1 register as the same as the value of the rs2 register, which the rv32im circuit failed to rule out because the corresponding constraint was absent.
This vulnerability was reported by Christoph Hochrainer via our Hackenproof bug bounty. We have evaluated the severity of the vulnerability as “Critical,” and paid a bounty.
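To make the "underconstrained" failure mode concrete, the following is an added toy model written for this page; it is not the risc0 rv32im circuit or any zirgen code, and the trace-row layout, constraint names and register values are all constructed. A verifier checks a prover-supplied trace row for a three-register instruction (remu is used here) against a set of equality constraints. When the constraint tying the rs1 operand to the register-file read is left out, a row whose rs1 operand was actually sourced from rs2 still satisfies every remaining constraint and is accepted; adding the constraint rejects it.

```python
"""
Toy model of an underconstrained instruction circuit (constructed illustration,
not the risc0/zirgen rv32im circuit). A verifier checks a prover-supplied
execution trace row against a set of equality constraints. If the constraint
tying the rs1 operand to the register file is missing, a row whose rs1 operand
actually came from rs2 still passes.
"""
from dataclasses import dataclass

MASK32 = 0xFFFF_FFFF


@dataclass(frozen=True)
class TraceRow:
    regs: tuple       # register-file snapshot before the instruction (32 x u32)
    rs1_idx: int
    rs2_idx: int
    rd_idx: int
    rs1_val: int      # operand the prover claims was read for rs1
    rs2_val: int      # operand the prover claims was read for rs2
    rd_val: int       # result the prover claims was written to rd


def remu(a: int, b: int) -> int:
    """RISC-V REMU semantics: unsigned remainder; remu(a, 0) == a."""
    return a if b == 0 else (a % b) & MASK32


# Each constraint is a predicate over the row; the verifier requires all of them.
def c_result(row: TraceRow) -> bool:
    return row.rd_val == remu(row.rs1_val, row.rs2_val)


def c_rs2_read(row: TraceRow) -> bool:
    return row.rs2_val == row.regs[row.rs2_idx]


def c_rs1_read(row: TraceRow) -> bool:
    return row.rs1_val == row.regs[row.rs1_idx]


UNDERCONSTRAINED = (c_result, c_rs2_read)              # rs1 read never checked
FULLY_CONSTRAINED = (c_result, c_rs2_read, c_rs1_read)  # the missing constraint added


def verify(constraints, row: TraceRow) -> bool:
    """Verifier side: accept the row only if every constraint holds."""
    return all(c(row) for c in constraints)


def honest_row(regs, rs1, rs2, rd) -> TraceRow:
    """An honest prover reads both operands from the registers named."""
    a, b = regs[rs1], regs[rs2]
    return TraceRow(regs, rs1, rs2, rd, a, b, remu(a, b))


def confused_row(regs, rs1, rs2, rd) -> TraceRow:
    """A prover that sources the rs1 operand from rs2; result is internally consistent."""
    b = regs[rs2]
    return TraceRow(regs, rs1, rs2, rd, b, b, remu(b, b))


def demo() -> dict:
    regs = [0] * 32
    regs[5], regs[6] = 17, 5   # constructed: x5 = 17, x6 = 5; remu x7, x5, x6 -> 2
    good = honest_row(tuple(regs), 5, 6, 7)
    bad = confused_row(tuple(regs), 5, 6, 7)   # claims 5 % 5 == 0 instead
    return {
        "honest_under": verify(UNDERCONSTRAINED, good),
        "honest_full": verify(FULLY_CONSTRAINED, good),
        "confused_under": verify(UNDERCONSTRAINED, bad),   # accepted: the bug
        "confused_full": verify(FULLY_CONSTRAINED, bad),   # rejected once constrained
        "honest_result": good.rd_val,
        "confused_result": bad.rd_val,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the model is that every constraint the underconstrained verifier does check is satisfied by the bogus row: the arithmetic is correct for the operands the prover wrote down, and rs2 matches the register file. Only the single constraint that forces rs1_val to equal the register-file entry at rs1_idx distinguishes the two rows, which is why soundness of a zkVM depends on every read being constrained, not just the result.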
References
- github.com/advisories/GHSA-g3qg-6746-3mg9
- github.com/risc0/risc0
- github.com/risc0/risc0/commit/006d86c363b16d2b2ac42d32d832a209ff8ab4c9
- github.com/risc0/risc0/commit/1873bbb8a56793edd1f6195242d184cf6cc5175d
- github.com/risc0/risc0/commit/67f2d81c638bff5f4fcfe11a084ebb34799b7a89
- github.com/risc0/risc0/pull/3181
- github.com/risc0/risc0/security/advisories/GHSA-g3qg-6746-3mg9
- github.com/risc0/zirgen/commit/e0e2918302c93e956f73ca2e44aef2b861d8c3ae
- github.com/risc0/zirgen/pull/238
- nvd.nist.gov/vuln/detail/CVE-2025-52484