{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6273", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-19T06:38:03.623Z", "datePublished": "2025-06-19T18:31:06.692Z", "dateUpdated": "2025-06-23T19:30:37.748Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-19T18:31:06.692Z"}, "title": "WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-617", "lang": "en", "description": "Reachable Assertion"}]}], "affected": [{"vendor": "WebAssembly", "product": "wabt", "versions": [{"version": "1.0.0", "status": "affected"}, {"version": "1.0.1", "status": "affected"}, {"version": "1.0.2", "status": "affected"}, {"version": "1.0.3", "status": "affected"}, {"version": "1.0.4", "status": "affected"}, {"version": "1.0.5", "status": "affected"}, {"version": "1.0.6", "status": "affected"}, {"version": "1.0.7", "status": "affected"}, {"version": "1.0.8", "status": "affected"}, {"version": "1.0.9", "status": "affected"}, {"version": "1.0.10", "status": "affected"}, {"version": "1.0.11", "status": "affected"}, {"version": "1.0.12", "status": "affected"}, {"version": "1.0.13", "status": "affected"}, {"version": "1.0.14", "status": "affected"}, {"version": "1.0.15", "status": "affected"}, {"version": "1.0.16", "status": "affected"}, {"version": "1.0.17", "status": "affected"}, {"version": "1.0.18", "status": "affected"}, {"version": "1.0.19", "status": "affected"}, {"version": "1.0.20", "status": "affected"}, {"version": "1.0.21", "status": "affected"}, {"version": "1.0.22", "status": "affected"}, {"version": "1.0.23", "status": "affected"}, {"version": "1.0.24", "status": "affected"}, {"version": "1.0.25", "status": "affected"}, {"version": "1.0.26", "status": "affected"}, {"version": "1.0.27", "status": "affected"}, {"version": "1.0.28", "status": "affected"}, {"version": "1.0.29", "status": "affected"}, {"version": "1.0.30", "status": "affected"}, {"version": "1.0.31", "status": "affected"}, {"version": "1.0.32", "status": "affected"}, {"version": "1.0.33", "status": "affected"}, {"version": "1.0.34", "status": "affected"}, {"version": "1.0.35", "status": "affected"}, {"version": "1.0.36", "status": "affected"}, {"version": "1.0.37", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect \"real world wasm programs\"."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in WebAssembly wabt bis 1.0.37 gefunden. Dies betrifft die Funktion LogOpcode der Datei src/binary-reader-objdump.cc. Durch Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-19T08:44:00.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JJLeo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.313277", "name": "VDB-313277 | WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.313277", "name": "VDB-313277 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.593010", "name": "Submit #593010 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Reachable Assertion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/WebAssembly/wabt/issues/2574", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19529411/wabt_crash.txt", "tags": ["exploit"]}], "tags": ["disputed"]}, "adp": [{"references": [{"url": "https://github.com/WebAssembly/wabt/issues/2574", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T16:16:54.491286Z", "id": "CVE-2025-6273", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T19:30:37.748Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6273", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-23T16:16:54.491286Z"}}}], "references": [{"url": "https://github.com/WebAssembly/wabt/issues/2574", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T16:16:55.942Z"}}], "cna": {"tags": ["disputed"], "title": "WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion", "credits": [{"lang": "en", "type": "reporter", "value": "JJLeo (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "WebAssembly", "product": "wabt", "versions": [{"status": "affected", "version": "1.0.0"}, {"status": "affected", "version": "1.0.1"}, {"status": "affected", "version": "1.0.2"}, {"status": "affected", "version": "1.0.3"}, {"status": "affected", "version": "1.0.4"}, {"status": "affected", "version": "1.0.5"}, {"status": "affected", "version": "1.0.6"}, {"status": "affected", "version": "1.0.7"}, {"status": "affected", "version": "1.0.8"}, {"status": "affected", "version": "1.0.9"}, {"status": "affected", "version": "1.0.10"}, {"status": "affected", "version": "1.0.11"}, {"status": "affected", "version": "1.0.12"}, {"status": "affected", "version": "1.0.13"}, {"status": "affected", "version": "1.0.14"}, {"status": "affected", "version": "1.0.15"}, {"status": "affected", "version": "1.0.16"}, {"status": "affected", "version": "1.0.17"}, {"status": "affected", "version": "1.0.18"}, {"status": "affected", "version": "1.0.19"}, {"status": "affected", "version": "1.0.20"}, {"status": "affected", "version": "1.0.21"}, {"status": "affected", "version": "1.0.22"}, {"status": "affected", "version": "1.0.23"}, {"status": "affected", "version": "1.0.24"}, {"status": "affected", "version": "1.0.25"}, {"status": "affected", "version": "1.0.26"}, {"status": "affected", "version": "1.0.27"}, {"status": "affected", "version": "1.0.28"}, {"status": "affected", "version": "1.0.29"}, {"status": "affected", "version": "1.0.30"}, {"status": "affected", "version": "1.0.31"}, {"status": "affected", "version": "1.0.32"}, {"status": "affected", "version": "1.0.33"}, {"status": "affected", "version": "1.0.34"}, {"status": "affected", "version": "1.0.35"}, {"status": "affected", "version": "1.0.36"}, {"status": "affected", "version": "1.0.37"}]}], "timeline": [{"lang": "en", "time": "2025-06-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-19T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-19T08:44:00.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.313277", "name": "VDB-313277 | WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.313277", "name": "VDB-313277 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.593010", "name": "Submit #593010 | WebAssembly wabt wabt 1.0.37 (commit a60eb26) Reachable Assertion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/WebAssembly/wabt/issues/2574", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19529411/wabt_crash.txt", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect \"real world wasm programs\"."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in WebAssembly wabt bis 1.0.37 gefunden. Dies betrifft die Funktion LogOpcode der Datei src/binary-reader-objdump.cc. Durch Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "Reachable Assertion"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-19T18:31:06.692Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6273", "state": "PUBLISHED", "dateUpdated": "2025-06-23T19:30:37.748Z", "dateReserved": "2025-06-19T06:38:03.623Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-19T18:31:06.692Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "cna@vuldb.com", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect \"real world wasm programs\"."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en WebAssembly WABT hasta la versi\u00f3n 1.0.37, clasificada como problem\u00e1tica. Este problema afecta a la funci\u00f3n LogOpcode del archivo src/binary-reader-objdump.cc. La manipulaci\u00f3n genera una aserci\u00f3n accesible. Se requiere acceso local para abordar este ataque. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. La existencia real de esta vulnerabilidad a\u00fan se duda. El responsable del c\u00f3digo explica que este problema podr\u00eda no afectar a los programas WASM del mundo real."}], "id": "CVE-2025-6273", "lastModified": "2025-06-23T20:16:40.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-19T19:15:21.800", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/WebAssembly/wabt/issues/2574"}, {"source": "cna@vuldb.com", "url": "https://github.com/user-attachments/files/19529411/wabt_crash.txt"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.313277"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.313277"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.593010"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/WebAssembly/wabt/issues/2574"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "wabt: WebAssembly wabt reachable assertion", "id": "2373919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373919"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-617", "details": ["A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The code maintainer explains that this issue might not affect \"real world wasm programs\".", "A denial-of-service vulnerability has been identified in WebAssembly's WebAssembly Binary Toolkit (wabt), specifically within the LogOpcode function. This flaw allows an attacker with local access to trigger a program crash by manipulating input data, leading to a reachable assertion in the code path if the exception is improperly handled. Successful exploitation could impact the availability of applications or services that process WebAssembly binaries using wabt."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-6273", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-19T18:31:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6273\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6273\nhttps://github.com/WebAssembly/wabt/issues/2574\nhttps://github.com/user-attachments/files/19529411/wabt_crash.txt\nhttps://vuldb.com/?ctiid.313277\nhttps://vuldb.com/?id.313277\nhttps://vuldb.com/?submit.593010"], "threat_severity": "Low"}