CVE-2025-70954 Overview
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.
Critical Impact
This vulnerability allows remote attackers to crash validator nodes through crafted transactions, potentially disrupting the entire TON blockchain network's availability.
Affected Products
- TON Blockchain versions prior to v2025.06
- TON Virtual Machine (TVM) with vulnerable INMSGPARAM instruction handling
- TON Validator Nodes running affected versions
Discovery Timeline
- February 13, 2026 - CVE-2025-70954 published to NVD
- February 18, 2026 - Last updated in NVD database
Technical Details for CVE-2025-70954
Vulnerability Analysis
This vulnerability falls under CWE-476 (NULL Pointer Dereference), a memory corruption issue that occurs when application code attempts to use a pointer that was expected to be valid but is null. In the context of the TON Virtual Machine, the vulnerability exists within the INMSGPARAM instruction execution logic.
The TON blockchain relies on validator nodes to process transactions and maintain network consensus. When a validator node processes a malicious transaction containing crafted smart contract code that triggers the INMSGPARAM instruction under specific conditions, the TVM fails to perform proper null pointer validation before dereferencing. This oversight allows an attacker to cause a segmentation fault, immediately terminating the validator process.
The network-wide impact is significant because if multiple validators can be targeted simultaneously, it could disrupt blockchain consensus and network availability. The attack requires no authentication or user interaction, making it particularly dangerous for public blockchain infrastructure.
Root Cause
The root cause of this vulnerability is missing null pointer validation in the TVM's INMSGPARAM instruction handler. When processing certain message parameters, the code assumes that a pointer to internal data structures is always valid. However, under specific execution conditions triggered by malicious smart contract code, this pointer can be null. The subsequent attempt to dereference this null pointer causes an immediate segmentation fault, crashing the validator node process.
Attack Vector
An attacker can exploit this vulnerability remotely by submitting a specially crafted transaction or deploying a malicious smart contract to the TON blockchain. The attack vector is network-based and requires no privileges or user interaction:
- The attacker constructs a malicious transaction containing smart contract bytecode that triggers the INMSGPARAM instruction under conditions that produce a null pointer
- The transaction is broadcast to the TON network
- Validator nodes receive and attempt to process the transaction
- During TVM execution, the vulnerable code path is triggered
- The null pointer dereference causes a segmentation fault, crashing the validator process
Technical details regarding the specific exploitation mechanism can be found in the GitHub Gist and the TonBit Vulnerability Discovery Blog.
Detection Methods for CVE-2025-70954
Indicators of Compromise
- Unexpected validator node crashes with segmentation fault (SIGSEGV) signals in system logs
- Repeated crash-restart cycles of validator processes during transaction processing
- Core dump files indicating null pointer access in TVM execution code paths
- Abnormal transaction patterns containing unusual INMSGPARAM instruction sequences
Detection Strategies
- Monitor validator node process stability and implement crash alerting for unexpected terminations
- Analyze core dumps and crash logs for null pointer dereference patterns in TVM-related code
- Implement transaction inspection rules to identify potentially malicious smart contract bytecode patterns
- Deploy network-level monitoring to detect coordinated attack attempts against multiple validators
Monitoring Recommendations
- Configure automated health checks for validator node processes with rapid restart detection
- Implement centralized logging for all validator nodes to correlate crash events across the network
- Set up alerts for unusual transaction patterns or smart contract deployments that may indicate exploitation attempts
- Monitor blockchain consensus metrics for anomalies that could indicate validator disruption attacks
How to Mitigate CVE-2025-70954
Immediate Actions Required
- Upgrade all TON blockchain validator nodes to version v2025.06 or later immediately
- Review validator node logs for any signs of exploitation attempts or unexpected crashes
- Implement network-level rate limiting on transaction processing to reduce DoS impact
- Ensure validator node restart automation is in place to minimize downtime during potential attacks
Patch Information
The TON development team has addressed this vulnerability in version v2025.06. The fix adds proper null pointer validation before accessing internal data structures during INMSGPARAM instruction execution. Organizations running TON validator nodes should apply this update immediately to protect against potential exploitation.
The security patch is available in GitHub Commit 9e5109d and the patched release can be obtained from the GitHub Release v2025.06.
Workarounds
- Deploy validator nodes in high-availability configurations with automatic failover to maintain network participation during potential attacks
- Implement process monitoring and automatic restart mechanisms to minimize downtime if a crash occurs
- Consider running multiple validator instances behind load balancing to distribute potential attack impact
- Apply network-level filtering to reject known malicious transaction patterns if specific signatures become available
# Example: Upgrade TON blockchain node to patched version
cd /path/to/ton
git fetch --tags
git checkout v2025.06
cmake -DCMAKE_BUILD_TYPE=Release ..
make -j$(nproc)
systemctl restart ton-validator
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
