VYPR
Low severityNVD Advisory· Published Oct 24, 2025· Updated Oct 27, 2025

Wasmtime vulnerable to segfault when using component resources

CVE-2025-62711

Description

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
wasmtimecrates.io
>= 38.0.0, < 38.0.338.0.3

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.