CVE-2025-54873 RISC Zero Underconstrained Vulnerability: Division

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed...

PT-2025-32005 · Risc Zero · Risc0-Zkvm +2

Name of the Vulnerable Software and Affected Versions: risc0-zkvm versions 2.0.0 through 2.1.0 risc0-circuit-rv32im versions 2.0.0 through 2.0.4 risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 Description: RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARK...

CVE-2025-52484

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...

CVE-2025-52484 RISC Zero zkVM Underconstrained Vulnerability

RISC Zero is a general computing platform based on zk-STARKs and the RISC-V microarchitecture. Due to a missing constraint in the rv32im circuit, any 3-register RISC-V instruction including remu and divu in risc0-zkvm 2.0.0, 2.0.1, and 2.0.2 are vulnerable to an attack by a malicious prover. The...