CVE-2025-70957
Published: 13 February 2026
Summary
CVE-2025-70957 is a high-severity Uncontrolled Recursion (CWE-674) vulnerability in Qq (inferred from references). Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 17.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-70957 is a Denial of Service (DoS) vulnerability affecting the TON Lite Server prior to version v2024.09. The issue stems from improper handling of external arguments passed to locally executed "get methods," enabling an attacker to inject a specially constructed Continuation object—an internal TVM type typically restricted within the virtual machine. When processed by the TVM, this object triggers excessive CPU resource consumption while incurring disproportionately low virtual gas costs, allowing unbounded computation that overwhelms the server.
The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable remotely over the network with low complexity and no privileges required. An unauthenticated attacker can send crafted arguments to the Lite Server's get methods via the gateway, causing the server to execute the malicious continuation. This monopolizes the server's processing power, drastically reducing throughput and denying service to legitimate users who rely on the gateway for access.
Mitigation is addressed in a commit to the ton-blockchain repository (e35b34de22109596a54d1357dcce92d63002ba95), with the vulnerability fixed in v2024.09 and later releases. Security practitioners should ensure TON Lite Servers are updated to at least v2024.09, as indicated by the referenced patch and advisories.
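The two controls named in the summary (SC-5 and SI-10) map onto the mechanism described above: an external caller should not be able to hand a get method an internal VM type at all, and a step whose real CPU cost is far above its gas price must still be bounded. The following Python model is an added example, not TON's code: `ValueType`, `StackValue`, `run_get_method` and the `(gas_cost, cpu_units)` per-step costing are constructed stand-ins for the TVM's actual stack types and metering, chosen only to show the shape of the two checks side by side.

```python
"""Illustrative model of two defensive controls for CVE-2025-70957-class bugs.
Added example, not TON's code: the stack-value types, the get-method interface
and the costing below are simplified stand-ins, not the real TVM."""
from dataclasses import dataclass
from enum import Enum, auto
from typing import Callable, Iterable, Iterator, List, Tuple


class ValueType(Enum):
    INTEGER = auto()
    CELL = auto()
    SLICE = auto()
    CONTINUATION = auto()  # internal VM type: must never be supplied by a caller


@dataclass(frozen=True)
class StackValue:
    vtype: ValueType
    payload: object = None


# SI-10 (input validation): only plain data types may cross the trust boundary.
# An allowlist is used rather than a denylist of CONTINUATION, so a new internal
# type added to the VM later is rejected by default instead of admitted silently.
EXTERNAL_ARG_ALLOWLIST = frozenset({ValueType.INTEGER, ValueType.CELL, ValueType.SLICE})


class RejectedArgument(ValueError):
    """An external argument carried a type that is internal to the VM."""


class OutOfGas(RuntimeError):
    pass


class CpuBudgetExceeded(RuntimeError):
    def __init__(self, steps: int, gas_used: int, cpu_used: int):
        super().__init__(f"cpu budget exceeded after {steps} steps "
                         f"(gas {gas_used}, cpu {cpu_used})")
        self.steps, self.gas_used, self.cpu_used = steps, gas_used, cpu_used


def validate_external_args(args: Iterable[StackValue]) -> List[StackValue]:
    """Reject any argument whose type is not on the allowlist."""
    checked = []
    for i, arg in enumerate(args):
        if arg.vtype not in EXTERNAL_ARG_ALLOWLIST:
            raise RejectedArgument(f"argument {i}: {arg.vtype.name} not allowed")
        checked.append(arg)
    return checked


# A get method is modelled as a generator yielding (gas_cost, cpu_units) per VM step.
GetMethod = Callable[[List[StackValue]], Iterator[Tuple[int, int]]]


@dataclass(frozen=True)
class RunResult:
    steps: int
    gas_used: int
    cpu_used: int


def run_get_method(method: GetMethod, args: Iterable[StackValue],
                   gas_limit: int, cpu_budget: int) -> RunResult:
    """SC-5 (DoS protection): meter real CPU work alongside virtual gas, so a
    step that is cheap in gas but expensive in CPU cannot run unbounded."""
    validated = validate_external_args(args)
    steps = gas_used = cpu_used = 0
    for gas_cost, cpu_cost in method(validated):
        steps += 1
        gas_used += gas_cost
        cpu_used += cpu_cost
        if gas_used > gas_limit:
            raise OutOfGas(f"gas limit {gas_limit} exceeded at step {steps}")
        if cpu_used > cpu_budget:
            raise CpuBudgetExceeded(steps, gas_used, cpu_used)
    return RunResult(steps, gas_used, cpu_used)


# --- constructed sample methods (stand-ins, not real TVM code) --------------

def honest_sum(args: List[StackValue]) -> Iterator[Tuple[int, int]]:
    """Each step costs 10 gas and 10 CPU units: gas tracks real work."""
    for _ in args:
        yield (10, 10)


def underpriced_loop(args: List[StackValue]) -> Iterator[Tuple[int, int]]:
    """Models the advisory's failure mode: each step pays 1 gas for 1000 CPU units."""
    while True:
        yield (1, 1000)


def demo() -> dict:
    """Runs the three scenarios and returns their outcomes for inspection."""
    ints = [StackValue(ValueType.INTEGER, 2), StackValue(ValueType.INTEGER, 3)]
    out = {"honest": run_get_method(honest_sum, ints, gas_limit=1_000, cpu_budget=1_000)}
    try:  # a CONTINUATION among the arguments never reaches the VM at all
        run_get_method(honest_sum, ints + [StackValue(ValueType.CONTINUATION)],
                       gas_limit=1_000, cpu_budget=1_000)
    except RejectedArgument as e:
        out["continuation"] = str(e)
    try:  # gas alone would allow 100_000 steps (100M CPU units); the CPU budget stops it at 51
        run_get_method(underpriced_loop, ints, gas_limit=100_000, cpu_budget=50_000)
    except CpuBudgetExceeded as e:
        out["underpriced"] = e
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The third scenario is the point of the model: with gas as the only meter, the underpriced loop would be allowed 100,000 steps costing 100 million CPU units before `OutOfGas` fired, whereas the CPU budget cuts it off after 51 steps. In a real deployment the CPU budget would be wall-clock or cycle based rather than a per-step unit, but the layering (validate types at the boundary, then bound real resource use independently of the virtual price) is the same.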
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-207526
Vulnerability details
A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods." An attacker can inject a constructed Continuation object (an internal TVM type) that is normally restricted within the VM. When the TVM executes this malicious continuation, it consumes excessive CPU resources while accruing disproportionately low virtual gas costs. This "free" computation allows an attacker to monopolize the Lite Server's processing power, significantly reducing its throughput and causing a denial of service for legitimate users acting through the gateway.
- CWE(s): CWE-674 (Uncontrolled Recursion)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1499.004 (Application or System Exploitation)
Why these techniques?
Direct remote exploitation of application logic (TVM continuation handling) to trigger CPU exhaustion and service denial.
Mitigating Controls (NIST 800-53 r5)
- SC-5 (Denial-of-service Protection): Directly mitigates DoS attacks by implementing protections against excessive CPU resource consumption from malicious Continuation objects in TON Lite Server.
- SI-10 (Information Input Validation): Validates external arguments passed to get methods to block injection of malformed Continuation objects that trigger unbounded low-cost computation.
- Patching to v2024.09 or later: Ensures timely remediation of the improper TVM handling of restricted Continuation objects.