CVE-2025-6273

| EUVD-2025-18694 LOW
2025-06-19 [email protected]
3.3
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

5
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 00:08 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 00:08 euvd
EUVD-2025-18694
PoC Detected
Jan 06, 2026 - 16:24 vuln.today
Public exploit code
CVE Published
Jun 19, 2025 - 19:15 nvd
LOW 3.3

Tags

Denial Of Service Ubuntu Debian

Description

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".

Analysis

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".

Technical Context

This vulnerability is classified as Reachable Assertion (CWE-617).

Affected Products

Affected products: Webassembly Wabt

Remediation

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +16
POC: +20

Vendor Status

Ubuntu

Priority: Medium
wabt
Release Status Version
upstream needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
oracular ignored end of life, was needs-triage
plucky ignored end of life, was needs-triage
questing needs-triage -

Debian

wabt
Release Status Fixed Version Urgency
bullseye vulnerable 1.0.20-1 -
bookworm vulnerable 1.0.32-1 -
forky, sid, trixie vulnerable 1.0.36+dfsg+~cs1.0.36-2 -
(unstable) fixed (unfixed) unimportant

Share

CVE-2025-6273 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy