CVE-2025-6273

EPSS 0.03%
Published 19.06.2025 18:31:06
Last modified 23.06.2025 20:16:40
Source cna@vuldb.com
CVE-Watchlists
Login
Open
Login

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".

Affected products Warnungen 0 Metrics 4 CWE 1 References 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorWebAssembly

≫

Product wabt

Version 1.0.0

Status affected

Version 1.0.1

Status affected

Version 1.0.2

Status affected

Version 1.0.3

Status affected

Version 1.0.4

Status affected

Version 1.0.5

Status affected

Version 1.0.6

Status affected

Version 1.0.7

Status affected

Version 1.0.8

Status affected

Version 1.0.9

Status affected

Version 1.0.10

Status affected

Version 1.0.11

Status affected

Version 1.0.12

Status affected

Version 1.0.13

Status affected

Version 1.0.14

Status affected

Version 1.0.15

Status affected

Version 1.0.16

Status affected

Version 1.0.17

Status affected

Version 1.0.18

Status affected

Version 1.0.19

Status affected

Version 1.0.20

Status affected

Version 1.0.21

Status affected

Version 1.0.22

Status affected

Version 1.0.23

Status affected

Version 1.0.24

Status affected

Version 1.0.25

Status affected

Version 1.0.26

Status affected

Version 1.0.27

Status affected

Version 1.0.28

Status affected

Version 1.0.29

Status affected

Version 1.0.30

Status affected

Version 1.0.31

Status affected

Version 1.0.32

Status affected

Version 1.0.33

Status affected

Version 1.0.34

Status affected

Version 1.0.35

Status affected

Version 1.0.36

Status affected

Version 1.0.37

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.054

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://vuldb.com/?id.313277

https://vuldb.com/?ctiid.313277

https://vuldb.com/?submit.593010

https://github.com/WebAssembly/wabt/issues/2574

https://github.com/user-attachments/files/19529411/wabt_crash.txt

https://nvd.nist.gov/vuln/detail/CVE-2025-6273

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6273

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6273

EUVD