CVE 4.8 MEDIUM

WebAssembly wabt wasm-decompile VarName out-of-bounds (CVE-2025-15412)

4.8 / 10
MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. It affects the function wabt::Decompiler::VarName in the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Manipulation leads to an out-of-bounds read. The attack requires local access. The exploit has been disclosed publicly and may be used. The project has no active maintainer at the moment. In a reply to the issue report, someone recommended that the researcher submit a PR himself.

Basic Information

ID CVE-2025-15412
Source VulDB
Published Jan 1, 2026 at 20:32

Affected Product

Vendor WebAssembly
Product wabt
Version 1.0.0
Affected Versions WebAssembly wabt 1.0.0
WebAssembly wabt 1.0.1
WebAssembly wabt 1.0.2
WebAssembly wabt 1.0.3
WebAssembly wabt 1.0.4
WebAssembly wabt 1.0.5
WebAssembly wabt 1.0.6
WebAssembly wabt 1.0.7
WebAssembly wabt 1.0.8
WebAssembly wabt 1.0.9
WebAssembly wabt 1.0.10
WebAssembly wabt 1.0.11
WebAssembly wabt 1.0.12
WebAssembly wabt 1.0.13
WebAssembly wabt 1.0.14
WebAssembly wabt 1.0.15
WebAssembly wabt 1.0.16
WebAssembly wabt 1.0.17
WebAssembly wabt 1.0.18
WebAssembly wabt 1.0.19
WebAssembly wabt 1.0.20
WebAssembly wabt 1.0.21
WebAssembly wabt 1.0.22
WebAssembly wabt 1.0.23
WebAssembly wabt 1.0.24
WebAssembly wabt 1.0.25
WebAssembly wabt 1.0.26
WebAssembly wabt 1.0.27
WebAssembly wabt 1.0.28
WebAssembly wabt 1.0.29
WebAssembly wabt 1.0.30
WebAssembly wabt 1.0.31
WebAssembly wabt 1.0.32
WebAssembly wabt 1.0.33
WebAssembly wabt 1.0.34
WebAssembly wabt 1.0.35
WebAssembly wabt 1.0.36
WebAssembly wabt 1.0.37
WebAssembly wabt 1.0.38
WebAssembly wabt 1.0.39

CWE Classification

References
