CVE-2025-70955

High

Published: 13 February 2026

Published

13 February 2026

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0003 7.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70955 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Qq (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CP-7 Alternate Processing Site

addresses: CWE-674

Supports resumption at alternate site when uncontrolled recursion causes primary site failure or crash.

SC-5 Denial-of-service Protection

addresses: CWE-674

Prevents uncontrolled recursion that exhausts stack or CPU resources.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Vulnerability enables remote unauthenticated exploitation of a public-facing VM service (blockchain validator) via malicious input leading to resource exhaustion DoS.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by…

crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.

Deeper analysisAI

CVE-2025-70955, published on 2026-02-13, is a stack overflow vulnerability in the TON Virtual Machine (TVM) prior to version v2024.10. The flaw stems from improper handling of vmstate and continuation jump instructions, which permit continuous dynamic tail calls. This allows a crafted smart contract with deeply nested jump logic to exhaust the host process's stack space, even within standard gas limits, ultimately crashing the validator node.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-674 (Uncontrolled Recursion). Remote, unauthenticated attackers can exploit it by deploying a malicious smart contract on the TON blockchain. Exploitation leads to a Denial of Service (DoS) by causing validator node crashes, disrupting network operations.

Mitigation requires upgrading to TVM v2024.10 or later, where the issue is addressed via a specific commit in the ton-blockchain/ton repository. Release notes for v2024.10 reference security fixes, including contributions related to this vulnerability. Further technical details and a proof-of-concept are available in the provided references.