How severe is CVE-2025-46723?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-46723?

This is classified as CWE-131, which is a common weakness in software security.

CVE-2025-46723 - HIGH Severity | CVSS N/A

Vulnerability Description

OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in the if statement never being triggered because the enumeration gives i=0,1,2, when instead the enumeration should give i=1,2,3, leaving pc_limbs[3] range checked to 8-bits instead of 6-bits. This leads to a vulnerability where the pc_limbs decomposition differs from the true pc, which means a malicious prover can make the destination register take a different value than the AUIPC instruction dictates, by making the decomposition overflow the BabyBear field. This issue has been patched in version 1.1.0.

Related Vulnerabilities

CVE-2001-0248

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

CWE-1312001

CVE-2001-0249

CRITICAL

CVSS:9.8(Critical)

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

CWE-1312001

CVE-2002-1347

CRITICAL

CVSS:9.8(Critical)

Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonical...

CWE-1312002

CVE-2003-0899

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the...

CWE-1312003

CVE-2004-0434

CRITICAL

CVSS:9.8(Critical)

k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based ...

CWE-1312004

CVE-2004-1363

CRITICAL

CVSS:9.8(Critical)

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

CWE-1312004