
CVE-2025-70957

Severity: High · Category: DDoS

Published: 13 February 2026
Modified: 15 April 2026
CVSS v3.1 score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS score: 0.0006 (17.9th percentile)
Risk priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-70957 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Qq (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Application or System Exploitation (T1499.004). EPSS ranks it at the 17.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-70957 is a Denial of Service (DoS) vulnerability affecting the TON Lite Server prior to version v2024.09. The issue stems from improper handling of external arguments passed to locally executed "get methods," enabling an attacker to inject a specially constructed Continuation object—an internal TVM type typically restricted within the virtual machine. When processed by the TVM, this object triggers excessive CPU resource consumption while incurring disproportionately low virtual gas costs, allowing unbounded computation that overwhelms the server.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable remotely over the network with low complexity and no privileges required. An unauthenticated attacker can send crafted arguments to the Lite Server's get methods via the gateway, causing the server to execute the malicious continuation. This monopolizes the server's processing power, drastically reducing throughput and denying service to legitimate users who rely on the gateway for access.

The fix is a commit to the ton-blockchain repository (e35b34de22109596a54d1357dcce92d63002ba95), and the vulnerability is resolved in v2024.09 and later releases. Security practitioners should ensure TON Lite Servers are updated to at least v2024.09, as indicated by the referenced patch and advisories.


Vulnerability details

A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned mapping)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Direct remote exploitation of application logic (TVM continuation handling) to trigger CPU exhaustion and service denial.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-34211 (shared CWE-674)
CVE-2026-39376 (shared CWE-674)
CVE-2026-32141 (shared CWE-674)
CVE-2026-44289 (shared CWE-674)
CVE-2026-32944 (shared CWE-674)
CVE-2026-32933 (shared CWE-674)
CVE-2024-8176 (shared CWE-674)
CVE-2026-33498 (shared CWE-674)
CVE-2026-42039 (shared CWE-674)
CVE-2026-6479 (shared CWE-674)

Affected Assets

Qq (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-assigned mapping)

prevent: SC-5 (Denial-of-service Protection) directly mitigates DoS attacks by implementing protections against excessive CPU resource consumption from malicious Continuation objects in TON Lite Server.

prevent: SI-10 (Information Input Validation) validates external arguments passed to get methods to block injection of malformed Continuation objects that trigger unbounded low-cost computation.

prevent: Ensures timely patching to v2024.09 or later, remediating the improper TVM handling of restricted Continuation objects.
