PANews reported on July 9 that BitsLab disclosed that its security team TonBit recently discovered a null pointer dereference vulnerability in the INMSGPARAM instruction in the TON virtual machine (TVM) v2025.04 version. Attackers can trigger the virtual machine crash by constructing special message parameters. The vulnerability was proactively reported by TonBit before the launch of TVM11 and was officially fixed and thanked. The root cause of the vulnerability is that the as_tuple() function did not perform a null pointer check. TonBit emphasized that it will continue to strengthen TVM security protection to ensure the stability of on-chain contract execution.