216.73.217.98

CVE-2025-54873

· Published 06/08/2025 00:15 · Modified 06/08/2025 20:23

Labels: CVE-2025-54873 2025-08-06CVE-2025-54873CWE-369[email protected]

Essential information

Published
06/08/2025 00:15
Modified
06/08/2025 20:23
Author
Creator
CVSS
2.7 LOW (v3) 2.7 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
risc zero / risc0-zkvm cpe:2.3:a:risc_zero:risc0-zkvm:2.0.0-2.1.0:*:*:*:*:*:*:*
risc zero / risc0-circuit-rv32im cpe:2.3:a:risc_zero:risc0-circuit-rv32im:2.0.0-2.0.4:*:*:*:*:*:*:*
risc zero / risc0-circuit-rv32im-sys cpe:2.3:a:risc_zero:risc0-circuit-rv32im-sys:2.0.0-2.0.4:*:*:*:*:*:*:*

References