VIR Vulnerability Intelligence Relay

CVE-2025-6273

low
Published 2025-06-19 · Modified 2026-04-29
CVSS v3
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS v2
1.7
VIR risk
3.3

Description

A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs".

Predictions

Exploit likelihood
34%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-6273

vendor Authored 2026-05-27

Vendor advisory: cna@vuldb.com — https://github.com/WebAssembly/wabt/issues/2574

OS impact
OSVersionStatusFixed in
debian debianbookwormaffected
debian debianbullseyeaffected
debian debianforkyaffected
debian debiansidaffected
debian debiantrixieaffected

Application impact
VendorProductVersionsFixed
webassemblywabt{"endIncluding":"1.0.37"}

References

CWEs

CWE-617

Verify integrity in audit chain (admin only). AS-IS.