On July 9, CoinWorld reported that BitsLab disclosed its security team TonBit recently discovered a null pointer dereference vulnerability in the INMSGPARAM instruction in the TON Virtual Machine (TVM) v2025.04 version. Attackers can trigger a crash of the virtual machine by constructing special message parameters. This vulnerability was proactively reported by TonBit before the launch of TVM11 and has been officially fixed and acknowledged. The root cause of the vulnerability is the as_tuple() function not performing null pointer checks. TonBit emphasized that it will continue to strengthen TVM security protection to ensure the stability of on-chain contract execution.