{"api_version":"1","generated_at":"2026-05-11T13:03:33+00:00","cve":"CVE-2025-15411","urls":{"html":"https://cve.report/CVE-2025-15411","api":"https://cve.report/api/cve/CVE-2025-15411.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-15411","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-15411"},"summary":{"title":"WebAssembly wabt wasm-decompile InsertNode memory corruption","description":"A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-01-01 20:15:40","updated_at":"2026-04-29 01:00:01"},"problem_types":["CWE-119","CWE-119 Memory Corruption"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"1.9","severity":"LOW","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"4.8","severity":"MEDIUM","vector":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","data":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"cna@vuldb.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","data":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"4.3","severity":"","vector":"AV:L/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"4.3","severity":"","vector":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","data":{"baseScore":4.3,"vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"references":[{"url":"https://vuldb.com/?submit.736404","name":"https://vuldb.com/?submit.736404","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?submit.719825","name":"https://vuldb.com/?submit.719825","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?ctiid.339332","name":"https://vuldb.com/?ctiid.339332","refsource":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/oneafter/1208/blob/main/af1","name":"https://github.com/oneafter/1208/blob/main/af1","refsource":"cna@vuldb.com","tags":["Exploit"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/?id.339332","name":"https://vuldb.com/?id.339332","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/WebAssembly/wabt/","name":"https://github.com/WebAssembly/wabt/","refsource":"cna@vuldb.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/WebAssembly/wabt/issues/2679","name":"https://github.com/WebAssembly/wabt/issues/2679","refsource":"cna@vuldb.com","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-15411","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-15411","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.0","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.1","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.2","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.3","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.4","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.5","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.6","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.7","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.8","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.9","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.10","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.11","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.12","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.13","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.14","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.15","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.16","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.17","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.18","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.19","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.20","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.21","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.22","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.23","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.24","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.25","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.26","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.27","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.28","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.29","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.30","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.31","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.32","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.33","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.34","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.35","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.36","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.37","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.38","platforms":[]},{"source":"CNA","vendor":"WebAssembly","product":"wabt","version":"affected 1.0.39","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-01-01T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-01-01T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-01-06T17:41:47.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Oneafter (VulDB User)","lang":"en"}],"nvd_cpes":[{"cve_year":"2025","cve_id":"15411","vulnerable":"1","versionEndIncluding":"1.0.39","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"webassembly","cpe5":"wabt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-15411","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-01-05T21:03:24.165884Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-01-05T21:04:04.609Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*"],"modules":["wasm-decompile"],"product":"wabt","vendor":"WebAssembly","versions":[{"status":"affected","version":"1.0.0"},{"status":"affected","version":"1.0.1"},{"status":"affected","version":"1.0.2"},{"status":"affected","version":"1.0.3"},{"status":"affected","version":"1.0.4"},{"status":"affected","version":"1.0.5"},{"status":"affected","version":"1.0.6"},{"status":"affected","version":"1.0.7"},{"status":"affected","version":"1.0.8"},{"status":"affected","version":"1.0.9"},{"status":"affected","version":"1.0.10"},{"status":"affected","version":"1.0.11"},{"status":"affected","version":"1.0.12"},{"status":"affected","version":"1.0.13"},{"status":"affected","version":"1.0.14"},{"status":"affected","version":"1.0.15"},{"status":"affected","version":"1.0.16"},{"status":"affected","version":"1.0.17"},{"status":"affected","version":"1.0.18"},{"status":"affected","version":"1.0.19"},{"status":"affected","version":"1.0.20"},{"status":"affected","version":"1.0.21"},{"status":"affected","version":"1.0.22"},{"status":"affected","version":"1.0.23"},{"status":"affected","version":"1.0.24"},{"status":"affected","version":"1.0.25"},{"status":"affected","version":"1.0.26"},{"status":"affected","version":"1.0.27"},{"status":"affected","version":"1.0.28"},{"status":"affected","version":"1.0.29"},{"status":"affected","version":"1.0.30"},{"status":"affected","version":"1.0.31"},{"status":"affected","version":"1.0.32"},{"status":"affected","version":"1.0.33"},{"status":"affected","version":"1.0.34"},{"status":"affected","version":"1.0.35"},{"status":"affected","version":"1.0.36"},{"status":"affected","version":"1.0.37"},{"status":"affected","version":"1.0.38"},{"status":"affected","version":"1.0.39"}]}],"credits":[{"lang":"en","type":"reporter","value":"Oneafter (VulDB User)"}],"descriptions":[{"lang":"en","value":"A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself."}],"metrics":[{"cvssV4_0":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.1"}},{"cvssV3_0":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","version":"3.0"}},{"cvssV2_0":{"baseScore":4.3,"vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-119","description":"Memory Corruption","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-02-23T08:03:27.517Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-339332 | WebAssembly wabt wasm-decompile InsertNode memory corruption","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/?id.339332"},{"name":"VDB-339332 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/?ctiid.339332"},{"name":"Submit #719825 | WebAssembly wabt 1.0.39 and master-branch Heap-based Buffer Overflow","tags":["third-party-advisory"],"url":"https://vuldb.com/?submit.719825"},{"name":"Submit #736404 | WebAssembly wabt 1.0.39 and master-branch Use After Free (Duplicate)","tags":["third-party-advisory"],"url":"https://vuldb.com/?submit.736404"},{"tags":["issue-tracking"],"url":"https://github.com/WebAssembly/wabt/issues/2679"},{"tags":["exploit"],"url":"https://github.com/oneafter/1208/blob/main/af1"},{"tags":["product"],"url":"https://github.com/WebAssembly/wabt/"}],"timeline":[{"lang":"en","time":"2026-01-01T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-01-01T01:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-01-06T17:41:47.000Z","value":"VulDB entry last update"}],"title":"WebAssembly wabt wasm-decompile InsertNode memory corruption"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2025-15411","datePublished":"2026-01-01T19:32:07.421Z","dateReserved":"2026-01-01T09:18:56.704Z","dateUpdated":"2026-02-23T08:03:27.517Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-01-01 20:15:40","lastModifiedDate":"2026-04-29 01:00:01","problem_types":["CWE-119","CWE-119 Memory Corruption"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:P/I:P/A:P","baseScore":4.3,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.0.39","matchCriteriaId":"4553C1EF-0407-4632-ACA5-3D1E2A76FBDA"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"15411","Ordinal":"1","Title":"WebAssembly wabt wasm-decompile InsertNode memory corruption","CVE":"CVE-2025-15411","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"15411","Ordinal":"1","NoteData":"A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.","Type":"Description","Title":"WebAssembly wabt wasm-decompile InsertNode memory corruption"}]}}}