CVE-2025-15412

Name of the Vulnerable Software and Affected Versions WebAssembly wabt versions up to 1.0.39

Description A security issue exists in WebAssembly wabt, specifically within the wabt::Decompiler::VarName function located in the /src/repro/wabt/bin/wasm-decompile file of the wasm-decompile component. This can lead to an out-of-bounds read. Local access is required for exploitation. The exploit has been publicly disclosed. The project currently lacks an active maintainer.

Recommendations Versions prior to 1.0.39 should not be used. At the moment, there is no information about a newer version that contains a fix for this vulnerability.