CVE-2025-58749

CVSS v4.0

2.1

Low

Vector

AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions WebAssembly Micro Runtime (WAMR) versions prior to 2.4.2

Description WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. When running in LLVM-JIT mode, the runtime cannot exit normally when executing WebAssembly programs containing a memory.fill instruction where the first operand (memory address pointer) is greater than or equal to 2147483648 bytes (2GiB). This causes the runtime to hang in release builds or crash in debug builds due to accessing an invalid pointer. The issue does not occur in FAST-JIT mode or other runtime tools.

Recommendations Update to version 2.4.2 or later.

Exploit

Fix

Untrusted Pointer Dereference

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-822CWE-190

Related Identifiers

AZL-67608

AZL-67617

CVE-2025-58749

GHSA-XJ5P-R8JQ-PW47

Affected Products

Webassembly Micro Runtime

CVE-2025-58749

Weakness Enumeration

Related Identifiers

Affected Products

References · 8