CVE-2025-15411

medium

Red Hat

CVSS v3 Base Score

7.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Score

0.0%

Exploitation probability in 30 days

Top 91% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

None

Availability

High

Published: January 1, 2026 (133 days ago)

Last Modified: January 1, 2026

Vendor: Red Hat

Description

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

CWE

CWE-119

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com

CVE-2025-15411

Vulnerability Report

Description

CWE

References