How to fix EUVD-2025-18693?

During next maintenance window: Apply vendor patches when convenient. Verify denial of service controls are in place.

Is Ubuntu affected by EUVD-2025-18693?

CVE-2025-6274 is a low-severity vulnerability in WebAssembly wabt involving resource exhaustion (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

EUVD-2025-18693

| CVE-2025-6274 LOW

2025-06-19 [email protected]

3.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 00:08 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 00:08 euvd

EUVD-2025-18693

PoC Detected

Jul 02, 2025 - 18:33 vuln.today

Public exploit code

CVE Published

Jun 19, 2025 - 19:15 nvd

LOW 3.3

Description

A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.

Analysis

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

Affected Products

Affected products: Webassembly Wabt

Remediation

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +16

POC: +20

Vendor Status

Ubuntu

Priority: Medium

wabt

Release	Status	Version
noble	needs-triage	-
plucky	ignored	end of life, was needs-triage
upstream	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

wabt

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.0.20-1	-
bookworm	vulnerable	1.0.32-1	-
forky, sid, trixie	vulnerable	1.0.36+dfsg+~cs1.0.36-2	-
(unstable)	fixed	(unfixed)	unimportant

EUVD-2025-18693 vulnerability details – vuln.today

Back

EUVD-2025-18693

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-18693

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code