What is the CVSS score of CVE-2025-70955?

CVE-2025-70955 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

How to fix or mitigate CVE-2025-70955?

Within 24 hours: Inventory all systems running TVM versions prior to v2024.10 and assess whether they process untrusted smart contracts or external transactions. Within 7 days: Implement network segmentation to isolate affected TVM nodes and establish monitoring for abnormal stack behavior or service crashes. Within 30 days: Develop and test an upgrade plan to TVM v2024.10 or later, coordinate with TON foundation for patch availability confirmation, and document all mitigations applied.

CVE-2025-70955

HIGH

Uncontrolled Recursion (CWE-674)

2026-02-13 cve@mitre.org

Denial Of Service Stack Overflow

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 13, 2026 - 22:16 nvd

HIGH 7.5

DescriptionNVD

A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Service (DoS) for the TON blockchain network.

AnalysisAI

Technical ContextAI

Classified as CWE-674 (Uncontrolled Recursion). A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract with deeply nested jump logic. Even within permissible gas limits, this nested execution exhausts the host process's stack space, causing the validator node to crash. This results in a Denial of Servic

Affected ProductsAI

Component: a Denial of.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-70955 vulnerability details – vuln.today

Back

CVE-2025-70955

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code