CVE-2025-15413

EUVD-2026-0004
A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has no active maintainer at the moment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
wasm3_projectwasm3
𝑥
≤ 0.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/wasm3/wasm3/
https://github.com/wasm3/wasm3/issues/543
https://github.com/wasm3/wasm3/issues/547
https://vuldb.com/?ctiid.339334
https://vuldb.com/?id.339334
https://vuldb.com/?submit.719829
https://vuldb.com/?submit.719831