Medium severity5.3NVD Advisory· Published Jan 1, 2026· Updated Apr 29, 2026

CVE-2025-15411

Description

A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. Unfortunately, the project has no active maintainer at the moment. In a reply to the issue report somebody recommended to the researcher to provide a PR himself.

Affected products

Webassembly/Wabt
cpe:2.3:a:webassembly:wabt:*:*:*:*:*:*:*:*
Range: <=1.0.39

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/WebAssembly/wabt/issues/2679nvdExploitIssue TrackingVendor Advisory
github.com/oneafter/1208/blob/main/af1nvdExploit
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdPermissions RequiredVDB Entry
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000