CVE-2025-6273

Summary

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".

Affected Software

VendorProductVersion RangeStatus
WebAssemblywabt1.0.0affected
WebAssemblywabt1.0.1affected
WebAssemblywabt1.0.2affected
WebAssemblywabt1.0.3affected
WebAssemblywabt1.0.4affected
WebAssemblywabt1.0.5affected
WebAssemblywabt1.0.6affected
WebAssemblywabt1.0.7affected
WebAssemblywabt1.0.8affected
WebAssemblywabt1.0.9affected
WebAssemblywabt1.0.10affected
WebAssemblywabt1.0.11affected
WebAssemblywabt1.0.12affected
WebAssemblywabt1.0.13affected
WebAssemblywabt1.0.14affected
WebAssemblywabt1.0.15affected
WebAssemblywabt1.0.16affected
WebAssemblywabt1.0.17affected
WebAssemblywabt1.0.18affected
WebAssemblywabt1.0.19affected
WebAssemblywabt1.0.20affected
WebAssemblywabt1.0.21affected
WebAssemblywabt1.0.22affected
WebAssemblywabt1.0.23affected
WebAssemblywabt1.0.24affected
WebAssemblywabt1.0.25affected
WebAssemblywabt1.0.26affected
WebAssemblywabt1.0.27affected
WebAssemblywabt1.0.28affected
WebAssemblywabt1.0.29affected
WebAssemblywabt1.0.30affected
WebAssemblywabt1.0.31affected
WebAssemblywabt1.0.32affected
WebAssemblywabt1.0.33affected
WebAssemblywabt1.0.34affected
WebAssemblywabt1.0.35affected
WebAssemblywabt1.0.36affected
WebAssemblywabt1.0.37affected

Weaknesses

  • CWE-617: Reachable Assertion

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References