WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion
Summary
| CVE | CVE-2025-6273 |
|---|---|
| State | PUBLISHED |
| Assigner | VulDB |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-06-19 19:15:21 UTC |
| Updated | 2026-04-29 01:00:01 UTC |
| Description | A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect "real world wasm programs". |
Risk And Classification
Primary CVSS: v4.0 1.9 LOW from [email protected]
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Problem Types: CWE-617 | CWE-617 Reachable Assertion
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 4.0 | [email protected] | Secondary | 1.9 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/C... |
| 4.0 | CNA | DECLARED | 4.8 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P |
| 3.1 | [email protected] | Secondary | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 3.1 | CNA | DECLARED | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R |
| 3.0 | CNA | DECLARED | 3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R |
| 2.0 | [email protected] | Secondary | 1.7 | AV:L/AC:L/Au:S/C:N/I:N/A:P | |
| 2.0 | CNA | DECLARED | 1.7 | AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR |
CVSS v4.0 Breakdown
Attack Vector
LocalAttack Complexity
LowAttack Requirements
NonePrivileges Required
LowUser Interaction
NoneConfidentiality
NoneIntegrity
NoneAvailability
LowSub Conf.
NoneSub Integrity
NoneSub Availability
NoneCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS v3.1 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
LowCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS v3.0 Breakdown
Attack Vector
LocalAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
NoneIntegrity
NoneAvailability
LowCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Webassembly | Wabt | All | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | WebAssembly | Wabt | affected 1.0.0 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.1 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.2 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.3 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.4 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.5 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.6 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.7 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.8 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.9 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.10 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.11 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.12 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.13 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.14 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.15 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.16 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.17 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.18 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.19 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.20 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.21 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.22 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.23 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.24 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.25 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.26 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.27 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.28 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.29 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.30 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.31 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.32 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.33 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.34 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.35 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.36 | Not specified |
| CNA | WebAssembly | Wabt | affected 1.0.37 | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| vuldb.com | [email protected] | vuldb.com | Third Party Advisory, VDB Entry |
| github.com/user-attachments/files/19529411/wabt_crash.txt | [email protected] | github.com | Exploit |
| vuldb.com | [email protected] | vuldb.com | Permissions Required, VDB Entry |
| github.com/WebAssembly/wabt/issues/2574 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | github.com | Exploit, Issue Tracking, Vendor Advisory |
| vuldb.com | [email protected] | vuldb.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
CNA: JJLeo (VulDB User) (en)
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| CNA | 2025-06-19T00:00:00.000Z | Advisory disclosed |
| CNA | 2025-06-19T02:00:00.000Z | VulDB entry created |
| CNA | 2025-06-19T08:44:00.000Z | VulDB entry last update |
There are currently no legacy QID mappings associated with this CVE.