CVE-2025-2584
6.8
MEDIUM
CVSS 3.1
EPSS 0.12%
Description
A vulnerability was found in WebAssembly wabt 1.0.36. It has been declared as critical. This vulnerability affects the function BinaryReaderInterp::GetReturnCallDropKeepCount of the file wabt/src/interp/binary-reader-interp.cc. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
How to fix CVE-2025-2584
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- —no fix listed
- —no fix listed
Is CVE-2025-2584 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0
- from 0, <= 1.0.36
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H |