Vulnerability in Risc0 Risc0-ethereum
CVE-2025-52884
RISC Zero is a zero-knowledge verifiable general computing platform with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, the Steel EVM view call library, and supporting code. Prior to versions 2.1.1 a…
EPSS: 0.005 (65.7th percentile)
Affected products
- Risc0 Risc0-ethereum — versions < 2.1.1
Weakness classification (CWE)
References
- https://github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2 (x_refsource_CONFIRM)
- https://github.com/risc0/risc0-ethereum/pull/605 (x_refsource_MISC)
- https://github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98 (x_refsource_MISC)
- https://docs.beboundless.xyz/developers/steel/how-it-works#verifying-the-proof-onchain (x_refsource_MISC)
- https://github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.sol#L56-L63 (x_refsource_MISC)
- https://github.com/risc0/risc0-ethereum/releases/tag/v2.1.1 (x_refsource_MISC)
- https://github.com/risc0/risc0-ethereum/releases/tag/v2.2.0 (x_refsource_MISC)