CVE-2025-61588 | risc0 RISC Zero up to 2.0.x sys_read code injection (GHSA-jqq4-c7wq-36h7)

October 2, 2025 Yanac

A vulnerability has been found in risc0 RISC Zero up to 2.0.x and classified as critical. Affected by this issue is the function sys_read. Performing manipulation results in code injection.

This vulnerability is cataloged as CVE-2025-61588. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More