7.5
TON Blockchain crashes if malicious transaction is sent
CVE-2025-70954
Summary
A null pointer dereference in the TON Blockchain's virtual machine (TVM) lets an attacker crash validator node processes by sending a malicious transaction or smart contract, which can make the entire network unavailable. To fix this, update to version 2025.06 or later.
Original title
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction...
Original description
A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.
nvd CVSS3.1
7.5
Vulnerability type
CWE-476
NULL Pointer Dereference
References
- https://gist.github.com/Lucian-code233/04940a264cab50732cc07fd991749226
- https://github.com/ton-blockchain/ton/commit/9e5109d56bc4f2345a00b2271c371110384...
- https://github.com/ton-blockchain/ton/releases/tag/v2025.06#:~:text=AArayz%2C%20...
- https://mp.weixin.qq.com/s/IbRKrCKdMyIi-azkuqOOvg
- https://www.tonbit.xyz/blog/post/TonBit-Discovers-Critical-Vulnerability-on-TON-...
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026