What is the CVSS score of CVE-2025-70954?

CVE-2025-70954 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

How to fix or mitigate CVE-2025-70954?

Within 24 hours: Inventory all TON Blockchain infrastructure and identify systems running versions before v2025.06; assess exposure to untrusted transaction sources. Within 7 days: Implement network segmentation to restrict INMSGPARAM instruction processing from untrusted networks; enable enhanced monitoring and alerting for TVM crashes or anomalous behavior. Within 30 days: Establish communication with TON development team regarding patch timeline; evaluate migration plans to patched versions once available; conduct penetration testing on affected systems.

CVE-2025-70954

HIGH

NULL Pointer Dereference (CWE-476)

2026-02-13 cve@mitre.org

Denial Of Service Null Pointer Dereference

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 13, 2026 - 22:16 nvd

HIGH 7.5

DescriptionNVD

A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (DoS) affecting the availability of the entire blockchain network.

AnalysisAI

Technical ContextAI

Classified as CWE-476 (NULL Pointer Dereference). A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, where the program fails to validate if a specific pointer is null before accessing it. By sending a malicious transaction or smart contract, an attacker can trigger this null pointer dereference, causing the validator node process to crash (segmentation fault). This results in a Denial of Service (Do

Affected ProductsAI

Component: a Denial of.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-70954 vulnerability details – vuln.today

Back

CVE-2025-70954

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code