Vulnerability Description
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Webassembly | Wabt | < 1.0.37 |
Related Weaknesses (CWE)
References
- https://github.com/WebAssembly/wabt/issues/2598ExploitIssue Tracking
- https://github.com/user-attachments/files/20191325/wabt_crash_4.txtExploit
- https://vuldb.com/?ctiid.313278Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.313278Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.593016Third Party AdvisoryVDB Entry
- https://github.com/WebAssembly/wabt/issues/2598ExploitIssue Tracking
FAQ
What is CVE-2025-6274?
CVE-2025-6274 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation...
How severe is CVE-2025-6274?
CVE-2025-6274 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6274?
Check the references section above for vendor advisories and patch information. Affected products include: Webassembly Wabt.