CVE-2025-70954
Published: 13 February 2026
Summary
CVE-2025-70954 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Qq (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).
Deeper analysis
A null pointer dereference vulnerability, tracked as CVE-2025-70954 and assigned CWE-476, affects the TON Virtual Machine (TVM) in the TON Blockchain prior to version v2025.06. The flaw resides in the execution logic of the INMSGPARAM instruction, where the code fails to validate whether a specific pointer is null before dereferencing it. This issue, published on 2026-02-13 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), impacts validator nodes running vulnerable versions of the TON software.
Any unauthenticated attacker with network access can exploit this vulnerability by sending a malicious transaction or smart contract to a vulnerable validator node. Successful exploitation triggers a null pointer dereference, resulting in a segmentation fault that crashes the validator node process. This leads to a denial-of-service (DoS) condition, disrupting the availability of the affected validator and potentially impacting the broader TON Blockchain network if multiple nodes are targeted.
Mitigation requires updating to TON Blockchain version v2025.06 or later, where the issue is addressed via a specific commit in the ton-blockchain/ton repository. Official release notes credit contributors including TonBit researchers for the discovery and patch, marking this as the third critical TVM vulnerability identified by TonBit with recognition from the TON team.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207528
Vulnerability details
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer…
more
is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Null pointer dereference in TVM enables remote exploitation of the validator process to trigger a crash, directly matching application/system exploitation for endpoint DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 mandates timely identification, reporting, and correction of software flaws like the null pointer dereference in TVM's INMSGPARAM instruction, preventing DoS crashes via patching to v2025.06.
SI-11 requires effective error handling that prevents exploitation of null pointer dereferences during instruction execution, directly addressing the failure to validate pointers before access.
SC-5 implements controls to protect against or limit DoS events such as validator node crashes triggered by malicious transactions exploiting the TVM vulnerability.