{"uuid": "d12cd29b-abb3-48a5-ab82-b647a8dcb9de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-52884", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19397", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-52884\n\ud83d\udd25 CVSS Score: 1.7 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U)\n\ud83d\udd39 Description: RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.\n\ud83d\udccf Published: 2025-06-24T20:20:17.287Z\n\ud83d\udccf Modified: 2025-06-24T20:20:17.287Z\n\ud83d\udd17 References:\n1. https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2\n2. https://github.com/risc0/risc0-ethereum/pull/605\n3. https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98\n4. https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain\n5. https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63\n6. https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1\n7. https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0", "creation_timestamp": "2025-06-24T20:47:48.000000Z"}