Vulnerability Description
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webassembly | Wabt | <= 1.0.39 |
Related Weaknesses (CWE)
References
- https://github.com/WebAssembly/wabt/
- https://github.com/WebAssembly/wabt/issues/2678ExploitIssue TrackingVendor Advisory
- https://github.com/oneafter/1208/blob/main/af1Exploit
- https://vuldb.com/?ctiid.339333Permissions RequiredVDB Entry
- https://vuldb.com/?id.339333Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.719826Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-15412?
CVE-2025-15412 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component w...
How severe is CVE-2025-15412?
CVE-2025-15412 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15412?
Check the references section above for vendor advisories and patch information. Affected products include: Webassembly Wabt.