PT-2025-26236 · Unknown+1 · Webassembly Wabt+1
Jjleo · Published 2025-06-19 · Updated 2025-07-02 · CVE-2025-6274
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
WebAssembly wabt versions up to 1.0.37
Description
A vulnerability has been found that leads to resource consumption. It affects the OnDataCount function in the file src/interp/binary-reader-interp.cc. Exploitation requires local access. A similar issue was previously reported and disputed by the code maintainer, who suggested it may not affect "real world wasm programs", so this entry could be disputed as well.
Recommendations
For versions up to 1.0.37, consider disabling the OnDataCount function as a temporary workaround until a patch is available. Restrict access to the binary-reader-interp.cc file to minimize the risk of exploitation. Avoid using the OnDataCount function in local environments until the issue is resolved.
Exploit
Fix
Resource Exhaustion
Improper Resource Release
Related Identifiers
Affected Products
Debian
Webassembly Wabt