Which versions of Wasm3 are affected by CVE-2025-15572?

CVE-2025-15572 is a low-severity vulnerability in wasm3 (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation.

Is there a public PoC exploit available for CVE-2025-15572?

Yes, a public proof-of-concept exploit is available for CVE-2025-15572. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-15572?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Wasm3 CVE-2025-15572

Q: What is the CVSS score of CVE-2025-15572?

CVE-2025-15572 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Memory Leak (CWE-401)

2026-02-10 cna@vuldb.com

Information Disclosure Wasm3

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 12, 2026 - 15:22 vuln.today

Public exploit code

CVE Published

Feb 10, 2026 - 16:16 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.

AnalysisAI

A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. [CVSS 3.3 LOW]

Technical ContextAI

Classified as CWE-401 (Memory Leak). Affects Wasm3. A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-15572 vulnerability details – vuln.today

Back