CVE-2025-15411

Summary

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

Affected Software

VendorProductVersion RangeStatus
WebAssemblywabt1.0.0affected
WebAssemblywabt1.0.1affected
WebAssemblywabt1.0.2affected
WebAssemblywabt1.0.3affected
WebAssemblywabt1.0.4affected
WebAssemblywabt1.0.5affected
WebAssemblywabt1.0.6affected
WebAssemblywabt1.0.7affected
WebAssemblywabt1.0.8affected
WebAssemblywabt1.0.9affected
WebAssemblywabt1.0.10affected
WebAssemblywabt1.0.11affected
WebAssemblywabt1.0.12affected
WebAssemblywabt1.0.13affected
WebAssemblywabt1.0.14affected
WebAssemblywabt1.0.15affected
WebAssemblywabt1.0.16affected
WebAssemblywabt1.0.17affected
WebAssemblywabt1.0.18affected
WebAssemblywabt1.0.19affected
WebAssemblywabt1.0.20affected
WebAssemblywabt1.0.21affected
WebAssemblywabt1.0.22affected
WebAssemblywabt1.0.23affected
WebAssemblywabt1.0.24affected
WebAssemblywabt1.0.25affected
WebAssemblywabt1.0.26affected
WebAssemblywabt1.0.27affected
WebAssemblywabt1.0.28affected
WebAssemblywabt1.0.29affected
WebAssemblywabt1.0.30affected
WebAssemblywabt1.0.31affected
WebAssemblywabt1.0.32affected
WebAssemblywabt1.0.33affected
WebAssemblywabt1.0.34affected
WebAssemblywabt1.0.35affected
WebAssemblywabt1.0.36affected
WebAssemblywabt1.0.37affected
WebAssemblywabt1.0.38affected
WebAssemblywabt1.0.39affected

Weaknesses

  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References