CVE-2025-62711
LOWDescription
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| bytecodealliance | wasmtime |
References
Frequently Asked Questions
What is CVE-2025-62711? +
How severe is CVE-2025-62711? +
What products are affected by CVE-2025-62711? +
How do I check if I'm vulnerable to CVE-2025-62711? +
Related Vulnerabilities
A denial-of-service vulnerability exists in the affected products. The vulnerability could allow a remote, non-privileged user to send malicious requests …
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS …
A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the ArmorStart Classic distributed motor controller, …
loona is an experimental, HTTP/1.1 and HTTP/2 implementation in Rust on top of io-uring. `loona-hpack` suffers from the same vulnerability …
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. …
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as …