CVE-2025-52884
Description
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the Steel.validateCommitment Solidity library function will return true for a crafted commitment with a digest value of zero. This violates the semantics of validateCommitment, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of risc0-ethereum 2.1.1 and 2.2.0. Users for the Steel Solidity library versions 2.1.0 or earlier should ensure they are using Steel.validateCommitment in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
risc0-ethereum-contractscrates.io | < 2.1.1 | 2.1.1 |
Affected products
2- Range: aggregation-v0.7.0, op-steel-v0.6.0, v2.1.0
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-gjv3-89hh-9xq2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-52884ghsaADVISORY
- docs.beboundless.xyz/developers/steel/how-it-worksnvdWEB
- github.com/risc0/risc0-ethereum/blob/ff0cb9253a87945b653b825711b8b5075f8b7545/examples/erc20-counter/contracts/src/Counter.solnvdWEB
- github.com/risc0/risc0-ethereum/commit/3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98nvdWEB
- github.com/risc0/risc0-ethereum/pull/605nvdWEB
- github.com/risc0/risc0-ethereum/releases/tag/v2.1.1nvdWEB
- github.com/risc0/risc0-ethereum/releases/tag/v2.2.0nvdWEB
- github.com/risc0/risc0-ethereum/security/advisories/GHSA-gjv3-89hh-9xq2nvdWEB
News mentions
0No linked articles in our index yet.