CVE-2025-70955

Published: Feb 13, 2026

Modified: Feb 18, 2026

PUBLISHED

Description

A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/ton-blockchain/ton/commit/b5734d2e30b9c93cfdacb4ea37c9ebdf11ca5d49#diff-17eca9db515992a081522236bf9bad767fac171044f7c00c20bf740f4206b3de

https://github.com/ton-blockchain/ton/releases/tag/v2024.10#:~:text=krigga%20%28emulator%29%2C-%2CArayz%2C-%40%20TonBit%20%28LS%20security

https://mp.weixin.qq.com/s/wy2ea6udkNZzIsp1K2LEOQ

https://gist.github.com/Lucian-code233/25b0a13be569db9160340d9ecd2fdf0d

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-70955

Description

Affected Products

References