CVE-2025-70954

Name of the Vulnerable Software and Affected Versions TON Blockchain versions prior to 2025.06

Description A flaw exists in the TON Virtual Machine (TVM) within the TON Blockchain. The issue resides in the execution logic of the INMSGPARAM instruction, where the program does not validate if a pointer is null before accessing it. An attacker can trigger a null pointer dereference by sending a malicious transaction or smart contract. This can cause the validator node process to crash, resulting in a Denial of Service (DoS) and impacting the availability of the blockchain network.

Recommendations Update to version 2025.06 or later.