Close Menu
    DevStackTipsDevStackTips
    • Home
    • News & Updates
      1. Tech & Work
      2. View All

      The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

      August 8, 2025

      This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

      August 8, 2025

      Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

      August 7, 2025

      OpenAI launches GPT-5

      August 7, 2025

      I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

      August 10, 2025

      I changed these 6 settings on my iPad to significantly improve its battery life

      August 10, 2025

      DistroWatch Weekly, Issue 1134

      August 10, 2025

      3 portable power stations I travel everywhere with (and how they differ)

      August 9, 2025
    • Development
      1. Algorithms & Data Structures
      2. Artificial Intelligence
      3. Back-End Development
      4. Databases
      5. Front-End Development
      6. Libraries & Frameworks
      7. Machine Learning
      8. Security
      9. Software Engineering
      10. Tools & IDEs
      11. Web Design
      12. Web Development
      13. Web Security
      14. Programming Languages
        • PHP
        • JavaScript
      Featured

      Next.js PWA offline capability with Service Worker, no extra package

      August 10, 2025
      Recent

      Next.js PWA offline capability with Service Worker, no extra package

      August 10, 2025

      spatie/laravel-flare

      August 9, 2025

      Establishing Consistent Data Foundations with Laravel’s Database Population System

      August 8, 2025
    • Operating Systems
      1. Windows
      2. Linux
      3. macOS
      Featured

      Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

      August 10, 2025
      Recent

      Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

      August 10, 2025

      Best Architecture AI Rendering Platform: 6 Tools Tested

      August 10, 2025

      Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

      August 10, 2025
    • Learning Resources
      • Books
      • Cheatsheets
      • Tutorials & Guides
    Home»Security»Common Vulnerabilities and Exposures (CVEs)»CVE-2025-52884 – RISC Zero Steel Solidity Library Commitment Validation Weakness

    CVE-2025-52884 – RISC Zero Steel Solidity Library Commitment Validation Weakness

    June 24, 2025

    CVE ID : CVE-2025-52884

    Published : June 24, 2025, 9:15 p.m. | 5 hours, 40 minutes ago

    Description : RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commitment to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel.

    Severity: 0.0 | NA

    Visit the link for more details, such as CVSS details, affected products, timeline, and more…

    Source: Read More

    Facebook Twitter Reddit Email Copy Link
    Previous ArticleCVE-2025-6580 – SourceCodester Best Salon Management System SQL Injection Vulnerability
    Next Article CVE-2025-52883 – Meshtastic-Android PKC Impersonation Vulnerability

    Related Posts

    Development

    Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

    August 10, 2025
    Development

    Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

    August 10, 2025
    Leave A Reply Cancel Reply

    For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

    Continue Reading

    CVE-2025-6333 – PHPGurukul Directory Management System SQL Injection Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-5426 – Juzaweb CMS Menu Page Remote Access Control Vulnerability

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-45011 – “PHPGurukul Park Ticketing Management System HTML Injection Vulnerability”

    Common Vulnerabilities and Exposures (CVEs)

    CVE-2025-34090 – “Google Chrome AppBound Cookie Encryption Bypass”

    Common Vulnerabilities and Exposures (CVEs)

    Highlights

    Development

    Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks

    August 1, 2025

    The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft…

    Mixture-of-Agents (MoA): A Breakthrough in LLM Performance

    August 9, 2025

    Responsive Design Principles

    July 21, 2025

    CVE-2025-53614 – OpenVAS vulnerability in OpenVAS

    July 8, 2025
    © DevStackTips 2025. All rights reserved.
    • Contact
    • Privacy Policy

    Type above and press Enter to search. Press Esc to cancel.