Home > Vulnerability Database > CVE-2025-54873

Mend.io Vulnerability Database

CVE-2025-54873

Good to know:

Date: August 5, 2025

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages.

Severity Score

6.5

Related Resources (6)

Url: https://github.com/risc0/risc0

Url: https://github.com/risc0/zirgen/pull/249

Url: https://github.com/risc0/risc0/pull/3235

Url: https://github.com/risc0/risc0/security/advisories/GHSA-f6rc-24x4-ppxp

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54873

Url: https://www.mend.io/vulnerability-database/CVE-2025-54873

Severity Score

6.5

Weakness Type (CWE)

Divide By Zero

CWE-369

Top Fix

Upgrade Version

Upgrade to version risc0-circuit-rv32im - 2.3.0;risc0-circuit-rv32im-sys - 2.3.0;risc0-zkvm - 2.2.0;https://github.com/risc0/risc0.git - v3.0.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54873

Good to know:

Date: August 5, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?