CVE-2025-6274
BaseFortify

Publication date: 2025-06-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future.
Meta Information
Published: 2025-06-19
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-06-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
webassembly | wabt | to 1.0.37 (exc)
CWE ID | Description
CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-400 | The product does not properly control the allocation and maintenance of a limited resource.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6274 is a resource consumption vulnerability in the WebAssembly wabt project (up to version 1.0.37). It occurs in the function OnDataCount within the source file src/interp/binary-reader-interp.cc. The vulnerability is triggered by specially crafted input that causes the function to allocate an excessively large amount of memory, leading to an out-of-memory condition. This can cause the program to abort or become unstable, resulting in a denial of service (DoS). Exploitation requires local access and the vulnerability has been publicly disclosed with proof-of-concept exploits available. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for abnormal resource consumption or out-of-memory conditions when processing WebAssembly binaries with wabt versions up to 1.0.37. Since the issue occurs in the OnDataCount function during reading of the DataCount section, running fuzzing tests or using the publicly available proof-of-concept input (e.g., wabt_crash_4.txt) can help detect the vulnerability. Specific commands are not provided, but using fuzzing tools with AddressSanitizer enabled on the wabt binary-reader-interp component may reveal the issue. [3, 2, 1]
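
One way to triage WebAssembly binaries before they reach an affected wabt build, as an added example that is not part of the original page or of wabt's code: it reads the DataCount section (section id 12 in the WebAssembly binary format) and flags a declared count larger than the file itself, which no well-formed module can have. Treating an oversized declared count as the signal of interest is an assumption, as are the function names and the constructed sample bytes.

```python
WASM_MAGIC = b"\x00asm"
DATACOUNT_SECTION_ID = 12  # DataCount section id in the WebAssembly binary format


def read_u32_leb128(buf, pos):
    """Decode an unsigned LEB128 u32 at pos; return (value, next_pos)."""
    result = 0
    for i in range(5):  # a u32 occupies at most 5 LEB128 bytes
        if pos >= len(buf):
            raise ValueError("truncated LEB128 value")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            if result > 0xFFFFFFFF:
                raise ValueError("LEB128 value exceeds u32")
            return result, pos
    raise ValueError("LEB128 value longer than 5 bytes")


def declared_data_count(module):
    """Return the count declared in the DataCount section, or None if absent."""
    if len(module) < 8 or module[:4] != WASM_MAGIC:
        raise ValueError("not a WebAssembly binary")
    pos = 8  # skip 4-byte magic and 4-byte version
    while pos < len(module):
        section_id = module[pos]
        size, body = read_u32_leb128(module, pos + 1)
        if section_id == DATACOUNT_SECTION_ID:
            count, _ = read_u32_leb128(module, body)
            return count
        pos = body + size  # jump over sections we do not inspect
    return None


def datacount_is_implausible(module):
    """True when the declared segment count exceeds the file size in bytes.

    Every data segment occupies at least one byte in the Data section, so a
    count larger than the whole file cannot match real segments (heuristic).
    """
    count = declared_data_count(module)
    return count is not None and count > len(module)


# Constructed samples: 8-byte header plus a DataCount section only.
HEADER = WASM_MAGIC + b"\x01\x00\x00\x00"
BENIGN = HEADER + b"\x0c\x01\x00"          # declares 0 segments
SUSPICIOUS = HEADER + b"\x0c\x02\x88\x27"  # declares 5000 segments in 12 bytes
```

Files flagged by `datacount_is_implausible` can be rejected or routed to a memory-limited sandbox instead of being handed to the interpreter's reader directly.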


What immediate steps should I take to mitigate this vulnerability?

No known countermeasures or mitigations have been identified for this vulnerability. Immediate steps include avoiding use of affected versions of wabt (up to 1.0.37) or replacing the affected component with an alternative product. Monitoring for excessive memory usage during processing of WebAssembly binaries and restricting local access to the vulnerable component can also help reduce risk. [2, 3]


How can this vulnerability impact me?

This vulnerability can impact you by causing denial of service (DoS) on systems running the affected wabt versions. An attacker with local access can exploit the vulnerability by providing specially crafted input that triggers excessive memory allocation, leading to out-of-memory conditions and program crashes. This can disrupt availability and stability of applications or services using the vulnerable component. [1, 2, 3]

