Browse all 4 CVE security advisories affecting risc0. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RISC0 is an open-source zero-knowledge virtualization platform designed for secure computation, primarily used in blockchain and decentralized applications to verify execution integrity. Historically, it has been susceptible to remote code execution vulnerabilities due to memory corruption flaws in its zkVM implementation, along with privilege escalation issues from improper access controls. While no major public security incidents have been documented, the four recorded CVEs highlight persistent risks in input validation and memory safety. Its security model relies on formal verification, though real-world implementations have introduced exploitable edge cases, particularly in boundary conditions between guest and host environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-61588 | risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read` — risc0CWE-94 | 8.8AI | HighAI | 2025-10-01 |
| CVE-2025-54873 | RISC Zero Underconstrained Vulnerability: Division — risc0CWE-369 | 5.5AI | MediumAI | 2025-08-05 |
| CVE-2025-52884 | risc0-ethereum-contracts allows invalid commitment with digest value of zero to be accepted by Steel.validateCommitment — risc0-ethereumCWE-159 | - | -AI | 2025-06-24 |
| CVE-2025-52484 | RISC Zero zkVM Underconstrained Vulnerability — risc0CWE-345 | 9.6AI | CriticalAI | 2025-06-20 |
This page lists every published CVE security advisory associated with risc0. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.