High severity7.5NVD Advisory· Published Feb 13, 2026· Updated Apr 15, 2026

CVE-2025-70955

Description

A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.

Affected products

Ton Blockchain/Tonreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/Lucian-code233/25b0a13be569db9160340d9ecd2fdf0dnvd
github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49nvd
github.com/ton-blockchain/ton/releases/tag/v2024.10nvd
mp.weixin.qq.com/s/wy2ea6udkNZzIsp1K2LEOQnvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000