Which versions of WebAssembly are affected by CVE-2025-6275?

CVE-2025-6275 is a low-severity vulnerability in WebAssembly wabt (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…. A patch is available.

Is there a public PoC exploit available for CVE-2025-6275?

Yes, a public proof-of-concept exploit is available for CVE-2025-6275. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-6275?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

WebAssembly CVE-2025-6275

Q: What is the CVSS score of CVE-2025-6275?

CVE-2025-6275 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2025-18695 LOW

Buffer Overflow (CWE-119)

2025-06-19 cna@vuldb.com

Buffer Overflow Denial Of Service

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 15, 2026 - 00:08 euvd

EUVD-2025-18695

Analysis Generated

Mar 15, 2026 - 00:08 vuln.today

PoC Detected

Jul 02, 2025 - 18:34 vuln.today

Public exploit code

CVE Published

Jun 19, 2025 - 20:15 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

Analysis

Vendor StatusVendor

Ubuntu

Priority: Medium

wabt

Release	Status	Version
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
plucky	ignored	end of life, was needs-triage
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

wabt

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.0.20-1	-
bookworm	vulnerable	1.0.32-1	-
forky, sid, trixie	vulnerable	1.0.36+dfsg+~cs1.0.36-2	-
(unstable)	fixed	(unfixed)	unimportant

CVE-2025-6275 vulnerability details – vuln.today

Back

WebAssembly CVE-2025-6275

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code