CVE-2025-15412 | WebAssembly wabt up to 1.0.39 wasm-decompile VarName out-of-bounds (Issue 2678)

A vulnerability classified as critical was found in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read.

This vulnerability is uniquely identified as CVE-2025-15412. Local access is required to approach this attack. Moreover, an exploit is present.

Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

CVE-2025-15412 | WebAssembly wabt up to 1.0.39 wasm-decompile VarName out-of-bounds (Issue 2678)

Post correlati

CVE-2025-5863 | Tenda AC5 15.03.06.47 /goform/SetRebootTimer formSetRebootTimer rebootTime stack-based overflow

CVE-2025-62759 | Justin Tadlock Series Plugin up to 2.0.1 on WordPress cross site scripting

CVE-2025-15217 | Tenda AC23 16.03.07.52 HTTP POST Request formSetPPTPUserList list buffer overflow

CVE-2025-10761 | Harness 3.3.0 Login Endpoint /api/v1/login excessive authentication