PT-2025-18927 · Openvm · Openvm
Published: 2025-05-02 · Updated: 2025-05-05
CVE-2025-46723
CVSS v2.0: 9.4 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenVM version 1.0.0
Description
The issue is related to an overflow vulnerability in the AUIPC instruction decomposition of the OpenVM framework. A typo in the code results in incorrect range checking of the highest limb of pc, leading to a situation where a malicious prover can manipulate the destination register to take a different value than intended. This is achieved by making the decomposition overflow the BabyBear field.
Recommendations
For OpenVM version 1.0.0, update to version 1.1.0 to resolve the issue. As a temporary workaround, consider restricting the use of the AUIPC instruction in the affected version until the patch is applied.
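The soundness gap named in the description can be checked numerically. The Rust sketch below is an added illustration, not code from OpenVM or from this advisory: it assumes pc is split into four 8-bit little-endian limbs and that a 6-bit bound on the highest limb was intended (both assumptions, as is the sample pc value), and it uses the BabyBear prime p = 2^31 - 2^27 + 1. It counts how many limb vectors pass a constraint that only holds modulo p.

```rust
// Added illustration. Limb layout and bit widths are assumptions, not OpenVM source.
const P: u64 = 2_013_265_921; // BabyBear prime: 2^31 - 2^27 + 1
const LIMB_BITS: u32 = 8; // assumed limb width
const NUM_LIMBS: usize = 4; // assumed limb count

/// Little-endian composition of the limbs as a plain integer (no reduction).
fn compose(limbs: &[u64; NUM_LIMBS]) -> u64 {
    limbs.iter().enumerate().map(|(i, &l)| l << (LIMB_BITS * i as u32)).sum()
}

/// Every limb vector that a constraint of the form `compose(limbs) == pc (mod P)`
/// accepts when the low limbs are 8-bit and the highest limb is < 2^top_bits.
fn accepted_decompositions(pc: u64, top_bits: u32) -> Vec<[u64; NUM_LIMBS]> {
    let limit = 1u64 << (LIMB_BITS * NUM_LIMBS as u32);
    let mut out = Vec::new();
    let mut v = pc % P;
    while v < limit {
        let mut limbs = [0u64; NUM_LIMBS];
        for (i, limb) in limbs.iter_mut().enumerate() {
            *limb = (v >> (LIMB_BITS * i as u32)) & 0xff;
        }
        if limbs[NUM_LIMBS - 1] < (1u64 << top_bits) {
            out.push(limbs);
        }
        v += P; // next integer in the same residue class
    }
    out
}

/// The decomposition is unique only if the largest composable value is below P.
fn bound_is_sound(top_bits: u32) -> bool {
    let max_value = (1u64 << (LIMB_BITS * (NUM_LIMBS as u32 - 1) + top_bits)) - 1;
    max_value < P
}

fn main() {
    let pc = 0x0020_0000u64; // constructed sample value
    for top_bits in [6, 8] {
        let found = accepted_decompositions(pc, top_bits);
        println!("top limb < 2^{}: sound={} accepted={}", top_bits, bound_is_sound(top_bits), found.len());
        for limbs in &found {
            println!("  limbs={:?} integer={:#x}", limbs, compose(limbs));
        }
    }
}
```

With the 6-bit bound only one limb vector remains, so the limbs are pinned to pc; with an 8-bit bound on the highest limb, several integers in the same residue class fit and the constraint no longer determines the limbs.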
Affected Products
Openvm