CVE-2025-6273

EPSS 0.03%
Veröffentlicht 19.06.2025 18:31:06
Zuletzt bearbeitet 23.06.2025 20:16:40
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerWebAssembly

≫

Produkt wabt

Version 1.0.0

Status affected

Version 1.0.1

Status affected

Version 1.0.2

Status affected

Version 1.0.3

Status affected

Version 1.0.4

Status affected

Version 1.0.5

Status affected

Version 1.0.6

Status affected

Version 1.0.7

Status affected

Version 1.0.8

Status affected

Version 1.0.9

Status affected

Version 1.0.10

Status affected

Version 1.0.11

Status affected

Version 1.0.12

Status affected

Version 1.0.13

Status affected

Version 1.0.14

Status affected

Version 1.0.15

Status affected

Version 1.0.16

Status affected

Version 1.0.17

Status affected

Version 1.0.18

Status affected

Version 1.0.19

Status affected

Version 1.0.20

Status affected

Version 1.0.21

Status affected

Version 1.0.22

Status affected

Version 1.0.23

Status affected

Version 1.0.24

Status affected

Version 1.0.25

Status affected

Version 1.0.26

Status affected

Version 1.0.27

Status affected

Version 1.0.28

Status affected

Version 1.0.29

Status affected

Version 1.0.30

Status affected

Version 1.0.31

Status affected

Version 1.0.32

Status affected

Version 1.0.33

Status affected

Version 1.0.34

Status affected

Version 1.0.35

Status affected

Version 1.0.36

Status affected

Version 1.0.37

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://vuldb.com/?id.313277

https://vuldb.com/?ctiid.313277

https://vuldb.com/?submit.593010

https://github.com/WebAssembly/wabt/issues/2574

https://github.com/user-attachments/files/19529411/wabt_crash.txt

https://nvd.nist.gov/vuln/detail/CVE-2025-6273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6273

EUVD