CVE-2025-15411
WebAssembly wabt wasm-decompile InsertNode memory corruption
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.
| CWE | CWE-119 |
| Vendor | webassembly |
| Product | wabt |
| Published | Jan 1, 2026 |
| Last Updated | Feb 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for webassembly wabt
Be the first to know when new medium vulnerabilities affecting webassembly wabt are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
WebAssembly / wabt
1.0.0 1.0.1 1.0.2 1.0.3 1.0.4 1.0.5 1.0.6 1.0.7 1.0.8 1.0.9 1.0.10 1.0.11 1.0.12 1.0.13 1.0.14 1.0.15 1.0.16 1.0.17 1.0.18 1.0.19 1.0.20 1.0.21 1.0.22 1.0.23 1.0.24 1.0.25 1.0.26 1.0.27 1.0.28 1.0.29 1.0.30 1.0.31 1.0.32 1.0.33 1.0.34 1.0.35 1.0.36 1.0.37 1.0.38 1.0.39
References
vuldb.com: https://vuldb.com/?id.339332 vuldb.com: https://vuldb.com/?ctiid.339332 vuldb.com: https://vuldb.com/?submit.719825 vuldb.com: https://vuldb.com/?submit.736404 github.com: https://github.com/WebAssembly/wabt/issues/2679 github.com: https://github.com/oneafter/1208/blob/main/af1 github.com: https://github.com/WebAssembly/wabt/
Credits
๐ Oneafter (VulDB User)