PT-2025-31268 · Unknown+1 · WebAssembly Micro Runtime+1
Linear0211 · Published 2025-07-29 · Updated 2025-07-29 · CVE-2025-54126
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
WebAssembly Micro Runtime (WAMR) iwasm versions 2.4.0 and below
Description
The iwasm package accepts the --addr-pool option with an IPv4 address that lacks a subnet mask. In this configuration the system accepts all IP addresses, potentially exposing the service to unintended external connections and bypassing intended access restrictions. This may lead to unauthorized access, particularly in production deployments where users expect a secure configuration when specifying an IP address without a subnet mask.
Recommendations
Update to version 2.4.1 or later.
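The behaviour in the description can be reproduced with a small address-pool matcher. The following is an added example, not WAMR's code: the names pool_entry, parse_entry and pool_allows are hypothetical, it assumes the permissive result comes from treating a missing mask as prefix length 0, and the /32 default is shown as the strict reading for comparison.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allow-list entry (not WAMR's data structure). */
struct pool_entry { uint32_t net; int prefix; };

/* Parse "a.b.c.d" or "a.b.c.d/len". default_prefix applies when "/len" is
 * absent: 0 models the permissive reading, 32 the exact-host reading.
 * Returns 0 on success, -1 on malformed input. */
static int parse_entry(const char *spec, int default_prefix, struct pool_entry *out)
{
    char buf[64], *slash, *end;
    struct in_addr a;
    long len = default_prefix;
    if (strlen(spec) >= sizeof(buf)) return -1;
    strcpy(buf, spec);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    out->net = ntohl(a.s_addr);
    out->prefix = (int)len;
    return 0;
}

/* Return 1 if spec admits ip. A prefix of 0 gives mask 0, which matches any address. */
int pool_allows(const char *spec, int default_prefix, const char *ip)
{
    struct pool_entry e;
    struct in_addr a;
    uint32_t mask;
    if (parse_entry(spec, default_prefix, &e) != 0) return 0;
    if (inet_pton(AF_INET, ip, &a) != 1) return 0;
    mask = e.prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - e.prefix);
    return (ntohl(a.s_addr) & mask) == (e.net & mask);
}

int main(void)
{
    /* Constructed sample addresses from the documentation ranges. */
    printf("default /0 : %d\n", pool_allows("192.0.2.10", 0, "203.0.113.5"));
    printf("default /32: %d\n", pool_allows("192.0.2.10", 32, "203.0.113.5"));
    return 0;
}
```

On versions that cannot be updated yet, writing the mask explicitly (for example a /32 for a single host) removes the dependence on the default.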
Weakness Enumeration
Exposure of Resource to Wrong Sphere
Affected Products
WebAssembly Micro Runtime
iwasm