CVE-2025-6275

Public Exploit

WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free

Description

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

References

Link	Tags
https://vuldb.com/?id.313279	vdb entry technical description third party advisory
https://vuldb.com/?ctiid.313279	vdb entry signature permissions required third party advisory
https://vuldb.com/?submit.593017	vdb entry third party advisory
https://github.com/WebAssembly/wabt/issues/2614	exploit issue tracking
https://github.com/user-attachments/files/20623626/wabt_crash_5.txt	exploit

Frequently Asked Questions

What is the severity of CVE-2025-6275?: CVE-2025-6275 has been scored as a medium severity vulnerability.
How to fix CVE-2025-6275?: To fix CVE-2025-6275, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-6275 being actively exploited in the wild?: It is possible that CVE-2025-6275 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-6275?: CVE-2025-6275 affects WebAssembly wabt.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions