Vulnerability Description
A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webassembly | Wabt | <= 1.0.37 |
Related Weaknesses (CWE)
References
- https://github.com/WebAssembly/wabt/issues/2574ExploitIssue TrackingVendor Advisory
- https://github.com/user-attachments/files/19529411/wabt_crash.txtExploit
- https://vuldb.com/?ctiid.313277Permissions RequiredVDB Entry
- https://vuldb.com/?id.313277Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.593010Third Party AdvisoryVDB Entry
- https://github.com/WebAssembly/wabt/issues/2574ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2025-6273?
CVE-2025-6273 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to ...
How severe is CVE-2025-6273?
CVE-2025-6273 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6273?
Check the references section above for vendor advisories and patch information. Affected products include: Webassembly Wabt.