WebAssembly Binaryen CVE-2025-14956

LOW
Buffer Overflow (CWE-119)
2025-12-19 cna@vuldb.com
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 29, 2026 - 02:49 (vuln.today)

Description (CVE.org)

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

Analysis (AI)

A heap-based buffer overflow in the WasmBinaryReader::readExport function of WebAssembly Binaryen, up to version 125, allows local attackers with low privileges to cause limited information disclosure and integrity compromise. Exploitation requires local access and low-privilege credentials, and real-world exploitability is extremely low: the EPSS score is 0.04% despite publicly available proof-of-concept code. This indicates a narrow, low-impact issue that is unlikely to be prioritized in most threat environments.

Technical Context (AI)

The vulnerability exists in the binary WebAssembly parser (src/wasm/wasm-binary.cpp), specifically within the export section reading logic of WasmBinaryReader. The heap-based buffer overflow (CWE-119) occurs when the readExport function processes malformed or oversized export records in WebAssembly binary files without proper bounds checking. This is a classic memory safety issue in C++ code that manipulates heap-allocated buffers during binary format parsing. The attack requires crafting a malicious WebAssembly binary module with an oversized export definition that triggers the overflow when parsed locally.

Remediation (AI)

Apply the vendor patch immediately by updating to a version that contains commit 4f52bff8c4075b5630422f902dd92a0af2c9f398 or later. Pull request #8092 in the GitHub repository https://github.com/WebAssembly/binaryen/ tracks the fix. In environments that cannot be patched immediately, restrict execution of untrusted WebAssembly binary files and limit local user access to systems running Binaryen tools, since the attack requires local access with low-privilege credentials. If Binaryen is part of a build pipeline, validate that all WebAssembly input binaries come from trusted sources, and consider sandboxing the parser process with reduced privileges or process isolation.
