CVE-2025-54873

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-54873
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54873.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-54873
Aliases
Published
2025-08-06T00:15:31Z
Modified
2025-08-07T04:57:19.742657Z
Summary
[none]
Details

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages.

References

Affected packages

Git / github.com/risc0/risc0

Affected ranges

Type
GIT
Repo
https://github.com/risc0/risc0
Events
Introduced
3f26f9d4c2fb8a7e5eb830ae2433c8eae67f5a38
Last affected
0f60032dce731863eba197c8494bdf455445c4af

Affected versions

bonsai-v2.*

bonsai-v2.1.0-1

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.1.0