CVE-2025-52884: 
Rust vulnerability analysis and mitigation

RISC Zero's Steel.validateCommitment Solidity library function, prior to versions 2.1.1 and 2.2.0, contained a vulnerability (CVE-2025-52884) that would return true for a crafted commitment with a digest value of zero. The vulnerability was discovered and disclosed on June 24, 2025, affecting the risc0-ethereum repository which contains Solidity verifier contracts and Steel EVM view call library (GitHub Advisory, NVD).

The vulnerability exists in the Steel.validateCommitment function where it incorrectly validates commitments with a digest value of zero. This violates the semantic requirements of validateCommitment as it does not properly commit to a block in the current chain. The CVSS v4.0 score for this vulnerability is 1.7 LOW with the vector string CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U (Wiz).

The impact of this vulnerability is considered low as exploiting it would require a separate bug or misuse of the Steel library. Because the digest value of zero does not correspond to any valid block and has no known openings, this commitment would never be produced by a correct zkVM guest using Steel. Applications properly implementing Steel's validation in combination with zkVM proof verification are not at risk (GitHub Advisory).

The vulnerability has been patched in versions 2.1.1 and 2.2.0 of risc0-ethereum. Users of Steel Solidity library versions 2.1.0 or earlier should ensure they are using Steel.validateCommitment in conjunction with zkVM proof verification of a Steel program, as demonstrated in the ERC-20 counter example and documentation. Users not verifying a zkVM proof of a Steel program should update their application to implement proper verification (GitHub Advisory).

The vulnerability was responsibly disclosed through HackenProof by researcher Daniel526. The RISC Zero team promptly addressed the issue and released patches in versions 2.1.1 and 2.2.0 (Wiz).