Vulnerability Description
A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has no active maintainer at the moment.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wasm3 Project | Wasm3 | <= 0.5.0 |
Related Weaknesses (CWE)
References
- https://github.com/wasm3/wasm3/
- https://github.com/wasm3/wasm3/issues/543ExploitIssue Tracking
- https://github.com/wasm3/wasm3/issues/547ExploitIssue Tracking
- https://vuldb.com/?ctiid.339334Permissions RequiredVDB Entry
- https://vuldb.com/?id.339334Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.719829Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.719831Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-15413?
CVE-2025-15413 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack nee...
How severe is CVE-2025-15413?
CVE-2025-15413 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15413?
Check the references section above for vendor advisories and patch information. Affected products include: Wasm3 Project Wasm3.