Platform
other
Component
wabt
Fixed in
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32
1.0.33
1.0.34
1.0.35
1.0.36
1.0.37
1.0.38
CVE-2025-6275 describes a Use-After-Free vulnerability discovered in WebAssembly wabt, affecting versions from 1.0.0 through 1.0.37. This flaw resides within the GetFuncOffset function of the binary-reader-interp.cc file, potentially allowing for memory corruption. A fix is available in version 1.0.38, and the vulnerability has been publicly disclosed.
The Use-After-Free vulnerability in wabt allows an attacker to potentially trigger memory corruption. While the maintainer disputed a similar report, the potential for exploitation exists, particularly in scenarios where wabt is used to process untrusted WebAssembly modules. Successful exploitation could lead to denial-of-service (DoS) by crashing the wabt process or, in more complex scenarios, potentially allow for arbitrary code execution depending on the broader system context and how wabt is integrated. The impact is amplified if wabt is used in a critical infrastructure component or a system handling sensitive data.
CVE-2025-6275 was publicly disclosed on 2025-06-19. While a public proof-of-concept is currently unavailable, the vulnerability's disclosure and the potential for memory corruption raise concerns. The maintainer's previous dispute regarding a similar issue suggests the possibility of further scrutiny and potential re-evaluation of the vulnerability's severity and exploitability. The EPSS score is pending evaluation.
Developers and system administrators using WebAssembly wabt in their build pipelines, tooling, or applications are at risk. This includes those building and deploying WebAssembly modules, particularly in environments where untrusted code is processed. Shared hosting environments where wabt is used as a common component could also be affected.
• linux / server: Monitor wabt process memory usage for unusual spikes or patterns using tools like valgrind or perf. Examine system logs for crashes or errors related to wabt.
    ps aux | grep wabt
• generic web: If wabt is used as part of a web service, monitor web server logs for errors or unusual activity related to WebAssembly module processing.
    curl -I <webassembly_endpoint>
Exploit Status
EPSS
0.06% (percentile 18%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-6275 is to upgrade to WebAssembly wabt version 1.0.38 or later. If upgrading is not immediately feasible, consider isolating wabt processes to limit the blast radius of a potential exploit. While a direct WAF rule is unlikely, monitoring wabt process behavior for unexpected memory access patterns could provide early detection. Review any custom WebAssembly modules processed by wabt for potential vulnerabilities that could be exploited in conjunction with this flaw.
Update the WebAssembly wabt library to a version later than 1.0.9, if available, to fix the use-after-free vulnerability. Watch the discussions about the validity of this CVE, as it may be disputed. See the release notes for more details on the fix.
CVE-2025-6275 is a Use-After-Free vulnerability affecting WebAssembly wabt versions 1.0.0–1.0.37. It allows for potential memory corruption when processing WebAssembly modules.
If you are using WebAssembly wabt versions 1.0.0 through 1.0.37, you are potentially affected by this vulnerability. Check your installed version and upgrade if necessary.
Upgrade to WebAssembly wabt version 1.0.38 or later to remediate the vulnerability. If immediate upgrade is not possible, consider isolating wabt processes.
While no public exploit is currently available, the vulnerability has been disclosed and may be exploited. Monitor your systems for suspicious activity.
Refer to the official WebAssembly project website and security advisories for the most up-to-date information regarding CVE-2025-6275.