CVE-2025-52484: 
Rust vulnerability analysis and mitigation

RISC Zero, a general computing platform based on zk-STARKs and the RISC-V microarchitecture, disclosed a vulnerability in versions 2.0.0 through 2.0.2 of risc0-zkvm on June 20, 2025. The vulnerability (CVE-2025-52484) stems from a missing constraint in the rv32im circuit that affects any 3-register RISC-V instruction, including remu and divu operations. The vulnerability was discovered by Christoph Hochrainer through the Hackenproof bug bounty program (GitHub Advisory).

The vulnerability allows a malicious prover to exploit the RISC-V virtual machine by manipulating it to treat the value of the rs1 register as identical to the rs2 register due to insufficient constraints in the rv32im circuit. The issue received a CVSS v4.0 score of 2.7 (Low) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U. The vulnerability is classified under CWE-345 (Insufficient Verification of Data Authenticity) (NVD).

The vulnerability could potentially allow a malicious prover to manipulate register values in the RISC-V virtual machine, potentially compromising the integrity of computations performed within the zkVM environment. The impact is considered low severity according to the CVSS score, primarily affecting the integrity of the system without compromising confidentiality or availability (GitHub Advisory).

Users of risc0-zkvm versions 2.0.0, 2.0.1, and 2.0.2 should upgrade to version 2.1.0. For smart contract applications using the official RISC Zero Verifier Router, no action is required as zkVM version 2.1 is already active on all official routers, and version 2.0 has been disabled. Smart contract applications not using the verifier router should update their contracts to send verification calls to the 2.1 version of the verifier. The fix was implemented through zirgen/pull/238 and risc0/pull/3181 (GitHub Advisory).