CVE-2025-6275

| EUVD-2025-18695 LOW
2025-06-19 [email protected]
3.3
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

5
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 00:08 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 00:08 euvd
EUVD-2025-18695
PoC Detected
Jul 02, 2025 - 18:34 vuln.today
Public exploit code
CVE Published
Jun 19, 2025 - 20:15 nvd
LOW 3.3

Tags

Buffer Overflow Denial Of Service Ubuntu Debian

Description

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

Analysis

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

Affected Products

Affected products: Webassembly Wabt

Remediation

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

37
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +16
POC: +20

Vendor Status

Ubuntu

Priority: Medium
wabt
Release Status Version
focal needs-triage -
jammy needs-triage -
noble needs-triage -
plucky ignored end of life, was needs-triage
upstream needs-triage -
oracular ignored end of life, was needs-triage
questing needs-triage -

Debian

wabt
Release Status Fixed Version Urgency
bullseye vulnerable 1.0.20-1 -
bookworm vulnerable 1.0.32-1 -
forky, sid, trixie vulnerable 1.0.36+dfsg+~cs1.0.36-2 -
(unstable) fixed (unfixed) unimportant

Share

CVE-2025-6275 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy