CVE-2025-66627
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-10

Assigner: GitHub, Inc.

Description
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To workaround this issue, consider limiting the maximum linear memory sizes where feasible.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-09
Last Modified
2025-12-10
Generated
2026-05-07
AI Q&A
2025-12-09
EPSS Evaluated
2026-05-05
NVD
CVE-2025-66627
Affected Vendors & Products
Showing 13 associated CPEs
Vendor Product Version / Range
wasmer wasmi 0.51.0
wasmer wasmi 0.46.0
wasmer wasmi 1.0.0
wasmer wasmi 0.44.0
wasmer wasmi 0.47.0
wasmer wasmi 0.42.0
wasmer wasmi 0.41.0
wasmer wasmi 0.41.1
wasmer wasmi 0.43.0
wasmer wasmi 0.50.0
wasmer wasmi 0.45.0
wasmi-labs wasmi From 0.41.0 (inc) to 0.41.2 (inc)
wasmi-labs wasmi 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a Use After Free issue in Wasmi, a WebAssembly interpreter used in constrained and embedded systems. It occurs in certain versions of Wasmi's linear memory implementation when a WebAssembly module triggers specific memory growth conditions. This can lead to memory corruption, information disclosure, or code execution.


How can this vulnerability impact me? :

The vulnerability can lead to serious impacts including memory corruption, unauthorized disclosure of information, or execution of arbitrary code, potentially compromising the affected system's security and integrity.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update Wasmi to a fixed version such as 0.41.2, 0.47.1, 0.51.3, or 1.0.1. As a workaround, consider limiting the maximum linear memory sizes where feasible to reduce the risk of triggering the Use After Free condition.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart