Vulnerability Description
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webassembly | Wabt | <= 1.0.39 |
Related Weaknesses (CWE)
References
- https://github.com/WebAssembly/wabt/
- https://github.com/WebAssembly/wabt/issues/2679ExploitIssue TrackingVendor Advisory
- https://github.com/oneafter/1208/blob/main/af1Exploit
- https://vuldb.com/?ctiid.339332Permissions RequiredVDB Entry
- https://vuldb.com/?id.339332Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.719825Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.736404
FAQ
What is CVE-2025-15411?
CVE-2025-15411 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-deco...
How severe is CVE-2025-15411?
CVE-2025-15411 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15411?
Check the references section above for vendor advisories and patch information. Affected products include: Webassembly Wabt.