Cyber Resilience

CVE-2025-70954

High

Published: 13 February 2026

Published
13 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0003 9.3th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70954 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Qq (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-11 (Error Handling).

Deeper analysis

A null pointer dereference vulnerability, tracked as CVE-2025-70954 and assigned CWE-476, affects the TON Virtual Machine (TVM) in the TON Blockchain prior to version v2025.06. The flaw resides in the execution logic of the INMSGPARAM instruction, where the code fails to validate whether a specific pointer is null before dereferencing it. This issue, published on 2026-02-13 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), impacts validator nodes running vulnerable versions of the TON software.

Any unauthenticated attacker with network access can exploit this vulnerability by sending a malicious transaction or smart contract to a vulnerable validator node. Successful exploitation triggers a null pointer dereference, resulting in a segmentation fault that crashes the validator node process. This leads to a denial-of-service (DoS) condition, disrupting the availability of the affected validator and potentially impacting the broader TON Blockchain network if multiple nodes are targeted.

Mitigation requires updating to TON Blockchain version v2025.06 or later, where the issue is addressed via a specific commit in the ton-blockchain/ton repository. Official release notes credit contributors including TonBit researchers for the discovery and patch, marking this as the third critical TVM vulnerability identified by TonBit with recognition from the TON team.

EU & UK References

Vulnerability details

A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer…

more

is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Null pointer dereference in TVM enables remote exploitation of the validator process to trigger a crash, directly matching application/system exploitation for endpoint DoS.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-40413Shared CWE-476
CVE-2025-57155Shared CWE-476
CVE-2026-28390Shared CWE-476
CVE-2026-23952Shared CWE-476
CVE-2025-57156Shared CWE-476
CVE-2025-63647Shared CWE-476
CVE-2025-69624Shared CWE-476
CVE-2024-55193Shared CWE-476
CVE-2025-63648Shared CWE-476
CVE-2026-25795Shared CWE-476

Affected Assets

Qq
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 mandates timely identification, reporting, and correction of software flaws like the null pointer dereference in TVM's INMSGPARAM instruction, preventing DoS crashes via patching to v2025.06.

prevent

SI-11 requires effective error handling that prevents exploitation of null pointer dereferences during instruction execution, directly addressing the failure to validate pointers before access.

prevent

SC-5 implements controls to protect against or limit DoS events such as validator node crashes triggered by malicious transactions exploiting the TVM vulnerability.

References