CVE-2025-15572

EUVD-2025-207350
A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Unfortunately, the project has no active maintainer at the moment.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
wasm3_projectwasm3
𝑥
≤ 0.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/oneafter/cve-proofs/blob/main/POC-20251203-07/repro
https://github.com/wasm3/wasm3/
https://github.com/wasm3/wasm3/issues/550
https://vuldb.com/?ctiid.344934
https://vuldb.com/?id.344934
https://vuldb.com/?submit.752765