Memory Corruption Vulnerability in WebAssembly Wabt by WebAssembly
CVE-2025-15411

4.8MEDIUM

Key Information:

Vendor

Webassembly

Status
Wabt
Vendor
CVE Published:
1 January 2026

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2025-15411?

A vulnerability has been discovered in WebAssembly's Wabt, specifically in the wabt::AST::InsertNode function located within the wasm-decompile component. This flaw can lead to memory corruption, potentially allowing an attacker to exploit the vulnerability on a local host system. Noteworthy is that the exploit has been publicly released, which raises several security concerns for users of versions up to 1.0.39. Additionally, the project currently lacks an active maintainer, which may hinder prompt remediation efforts. Users are advised to exercise caution and seek potential patches from community contributions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wabt 1.0.0

wabt 1.0.1

wabt 1.0.2

References

https://vuldb.com/?id.339332
vdb-entrytechnical-description
https://vuldb.com/?ctiid.339332
signaturepermissions-required
https://vuldb.com/?submit.719825
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Oneafter (VulDB User)
JSON
.