risc0 risc0-ethereum up to 2.1.0 Steel.validateCommitment invalid special elements

Summaryinfo

A vulnerability identified as problematic has been detected in risc0 risc0-ethereum up to 2.1.0. Impacted is the function Steel.validateCommitment. Performing a manipulation results in improper handling of invalid use of special elements. This vulnerability is identified as CVE-2025-52884. The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in risc0 risc0-ethereum up to 2.1.0. It has been classified as problematic. This affects the function Steel.validateCommitment. The manipulation with an unknown input leads to a improper handling of invalid use of special elements vulnerability. CWE is classifying the issue as CWE-159. The product does not properly filter, remove, quote, or otherwise manage the invalid use of special elements in user-controlled input, which could cause adverse effect on its behavior and integrity. This is going to have an impact on integrity. The summary by CVE is:

RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.

It is possible to read the advisory at github.com. This vulnerability is uniquely identified as CVE-2025-52884 since 06/20/2025. The exploitability is told to be difficult. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 2.1.1 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 3bbac859c7132b21ba5fdf2d47f1dd52e7e73d98 is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-19064). Be aware that VulDB is the high quality source for vulnerability data.

Productinfo

Vendor

• risc0

Name

• risc0-ethereum

Version

• 2.0
• 2.1.0

License

• open-source

Website

• Product: https://github.com/risc0/risc0-ethereum/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion