EUVD-2025-32056

Malicious code in bioql PyPI...

CVE-2025-61588 risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sysread, the host is able to use a crafted response to write to an arbitrary memory location in th...