Medium severity5.3NVD Advisory· Published Dec 19, 2025· Updated Apr 29, 2026

CVE-2025-14956

Description

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.

Affected products

Webassembly/Binaryen
cpe:2.3:a:webassembly:binaryen:*:*:*:*:*:*:*:*
Range: <=125

Patches

4f52bff8c407

https://github.com/webassembly/binaryenvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/WebAssembly/binaryen/commit/4f52bff8c4075b5630422f902dd92a0af2c9f398nvdPatch
github.com/WebAssembly/binaryen/issues/8089nvdExploitIssue TrackingThird Party Advisory
vuldb.comnvdExploitThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/WebAssembly/binaryen/pull/8092nvdIssue Tracking
github.com/oneafter/1204/blob/main/hbfnvdNot Applicable
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000