CVE-2025-61588 in RISC Zero

Summary

by MITRE • 10/02/2025

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls sys_read, the host is able to use a crafted response to write to an arbitrary memory location in the guest. This capability can be leveraged to execute arbitrary code within the guest. As sys_read is the mechanism by which input is requested by the guest, all guest programs built with the affected versions are vulnerable. This critically compromises the soundness guarantees of the guest program. Other affected packages include risc0-aggregation versions below 0.9, risc0-zkos-v1compat below 2.1.0, risc0-zkvm versions between 3.0.0-rc.1 and 3.0.1. This issue has been fixed in the following versions: risc0-zkvm-platform 2.1.0, risc0-zkos-v1compat 2.1.0, risc0-aggregation 0.9, and risc0-zkvm 2.3.2 and 3.0.3.


Analysis

by VulDB Data Team • 10/02/2025

CVE-2025-61588 is a critical memory corruption flaw in the RISC Zero zero-knowledge computing platform that undermines the security guarantees of applications built on its zk-STARK based zkVM. The issue exists in the risc0-zkvm-platform component in version 2.0.2 and earlier, where the host can manipulate guest program execution through improper handling of the sys_read system call mechanism. It stems from insufficient input validation and memory boundary checking during guest-host communication, which opens a path to arbitrary code execution within the guest environment. Because sys_read is the primary interface through which guest programs request input, the flaw affects the guest's ability to receive any input safely. The result is a fundamental breach of the platform's security model: the host can craft malicious responses that write to arbitrary locations in the guest's address space, giving it complete control over guest code execution.

Exploitation works through the handling of sys_read responses, which assumes that host responses are trustworthy and properly formatted. When a guest program calls sys_read to request input, the host responds with data that should be copied safely into the guest's memory. The vulnerable implementation, however, fails to validate the structure of that response, so an attacker controlling the host can craft responses containing memory addresses and instructions designed to overwrite critical guest memory regions. This memory corruption directly enables arbitrary code execution within the guest context, bypassing all the security guarantees that make zero-knowledge proofs trustworthy. The vulnerability is classified as a buffer overflow and memory corruption issue under CWE-121, with specific implications for the integrity of guest program execution. It also aligns with ATT&CK technique T1059.001 for command and scripting interpreter and T1068 for exploitation for privilege escalation, since the resulting code execution can potentially escalate privileges within the guest environment.
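The defensive pattern the fix implies is that every size and offset a host returns must be treated as attacker-controlled and checked against the guest-owned buffer before a single byte is copied. The following is an added, simplified model of such a guest-side read path written for this page; it is not RISC Zero's code, and the `HostReadResponse` layout, the `checked_read` function and the `ReadError` type are assumptions made for illustration.

```rust
// Added illustration, not risc0 code: a guest-side read path that refuses to
// copy host-supplied data anywhere the host chooses.

/// Host response as seen by the guest. Every field is attacker-controlled,
/// so none of them may be used as a memory bound without verification.
#[derive(Debug, Clone)]
pub struct HostReadResponse {
    /// Offset within the guest buffer at which the host claims the data goes.
    pub offset: usize,
    /// Number of bytes the host claims to have produced.
    pub len: usize,
    /// The payload bytes themselves.
    pub data: Vec<u8>,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ReadError {
    /// offset + len would land outside the guest's own buffer.
    OutOfBounds { offset: usize, len: usize, capacity: usize },
    /// The claimed length does not match the bytes actually delivered.
    LengthMismatch { claimed: usize, actual: usize },
}

/// Hardened copy: the write range is derived only from the guest's buffer
/// capacity and is rejected (including on integer overflow) before any write.
pub fn checked_read(buf: &mut [u8], resp: &HostReadResponse) -> Result<usize, ReadError> {
    if resp.data.len() != resp.len {
        return Err(ReadError::LengthMismatch { claimed: resp.len, actual: resp.data.len() });
    }
    let oob = ReadError::OutOfBounds { offset: resp.offset, len: resp.len, capacity: buf.len() };
    let end = match resp.offset.checked_add(resp.len) {
        Some(end) if end <= buf.len() => end,
        _ => return Err(oob),
    };
    buf[resp.offset..end].copy_from_slice(&resp.data);
    Ok(resp.len)
}

fn main() {
    // Constructed sample: an 8-byte guest buffer, one honest and one crafted response.
    let mut buf = [0u8; 8];
    let honest = HostReadResponse { offset: 0, len: 4, data: vec![1, 2, 3, 4] };
    let crafted = HostReadResponse { offset: 6, len: 4, data: vec![0x90; 4] };
    println!("honest:  {:?}", checked_read(&mut buf, &honest));
    println!("crafted: {:?}", checked_read(&mut buf, &crafted));
}
```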

The operational impact of CVE-2025-61588 is catastrophic for any system relying on RISC Zero's zero-knowledge computing capabilities, because it completely compromises the soundness guarantees that make these platforms suitable for security-critical applications. All guest programs built with affected versions are exposed to arbitrary code execution, so any input processing, cryptographic operation or sensitive computation performed within them can be subverted by a malicious host. The vulnerability spans multiple components of the RISC Zero ecosystem, including risc0-aggregation versions below 0.9, risc0-zkos-v1compat below 2.1.0, and risc0-zkvm versions between 3.0.0-rc.1 and 3.0.1, so its impact is widespread across the platform. It undermines the core principle that the guest program remains isolated from host interference, leaving sensitive computations and data processing open to compromise. Applications that depend on input validation and a secure execution environment are particularly affected, since any program built with the affected versions is inherently untrustworthy.

Remediation for CVE-2025-61588 requires an immediate upgrade to the patched versions of all affected components: risc0-zkvm-platform 2.1.0, risc0-zkos-v1compat 2.1.0, risc0-aggregation 0.9, and risc0-zkvm 2.3.2 and 3.0.3. Organizations should audit all systems using affected versions to identify and remediate any potential exploitation attempts. The fix addresses the root cause by implementing proper input validation and memory boundary checking for sys_read responses, so that host responses can no longer be used to write to arbitrary memory locations within the guest environment. Security teams should also monitor for suspicious sys_read behavior and consider additional sandboxing for programs that process untrusted input. The vulnerability highlights the importance of maintaining strict security boundaries between host and guest environments in zero-knowledge computing platforms; organizations should review their entire RISC Zero ecosystem to confirm that every component is running a secure version. It also underscores how critical vulnerability management is in cryptographic systems, where a single flaw can compromise the security model of an entire zero-knowledge proof system.

Responsible

GitHub_M

Reservation

09/26/2025

Disclosure

10/02/2025

Moderation

accepted

CPE

ready

EPSS

0.00124

KEV

no

Activities

very low

Sources
