CVE-2025-62711
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-11-03
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bytecodealliance | wasmtime | From 38.0.0 (inclusive) to 38.0.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-755 | The product does not handle or incorrectly handles an exceptional condition. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Wasmtime versions from 38.0.0 up to, but not including, 38.0.3. It is a bug in the implementation of the component-model-related host-to-wasm trampolines. A specially crafted component, when called in a specific way, can cause the host to crash with a segmentation fault or an assertion failure. The issue has been fixed in Wasmtime 38.0.3.
How can this vulnerability impact me?
The vulnerability can cause the host running Wasmtime to crash unexpectedly due to a segmentation fault or assertion failure. This could lead to denial of service or instability in applications relying on Wasmtime for WebAssembly execution.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Wasmtime to version 38.0.3 or later, as this version contains the patch that fixes the vulnerability. There are no workarounds available.