Segmentation Fault Vulnerability in WebAssembly Micro Runtime by Bytecode Alliance
CVE-2025-64704

4.7MEDIUM

Key Information:

Vendor: Bytecodealliance
Status: Wasm-micro-runtime
Vendor: CVE Published:; 25 November 2025

🔔 Create Bytecodealliance Vulnerability Alert

What is CVE-2025-64704?

A segmentation fault vulnerability exists in the WebAssembly Micro Runtime (WAMR) related to the improper handling of the v128.store instruction. This flaw can lead to unstable runtime behavior and potential disruptions in service. The vulnerability affects all versions prior to 2.4.4 and has been addressed in the latest patch release. Users are strongly advised to upgrade to version 2.4.4 or later to mitigate any potential risks associated with this issue.

Affected Version(s)

wasm-micro-runtime < 2.4.4

References

https://github.com/bytecodealliance/wasm-micro-runtime/se...

x_refsource_CONFIRM

https://github.com/bytecodealliance/wasm-micro-runtime/re...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 25, 2025
Vulnerability Reserved
Nov 10, 2025

CVE-2025-64704 Data

JSON