High severity · NVD Advisory · Published Dec 9, 2025 · Updated Dec 9, 2025
Wasmi's Linear Memory has a Critical Use After Free Vulnerability
CVE-2025-66627
Description
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To work around this issue, consider limiting the maximum linear memory sizes where feasible.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| wasmi (crates.io) | >= 0.41.0, < 0.41.2 | 0.41.2 |
| wasmi (crates.io) | >= 0.42.0, < 0.47.1 | 0.47.1 |
| wasmi (crates.io) | >= 0.50.0, < 0.51.3 | 0.51.3 |
| wasmi (crates.io) | >= 1.0.0, < 1.0.1 | 1.0.1 |
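To check whether a project resolves to an affected release, the ranges in the table above can be applied to the `wasmi` entries in a `Cargo.lock`. The following is an added example, not code from the advisory or from the Wasmi project; the function names and the sample lockfile fragment are constructed for illustration, and the upper bounds are treated as exclusive, as the table states them.

```rust
// Added example: flag vulnerable `wasmi` entries in Cargo.lock text, using the
// affected ranges from the "Affected packages" table (>= low, < patched).
type Ver = (u64, u64, u64);

const AFFECTED: [(Ver, Ver); 4] = [
    ((0, 41, 0), (0, 41, 2)),
    ((0, 42, 0), (0, 47, 1)),
    ((0, 50, 0), (0, 51, 3)),
    ((1, 0, 0), (1, 0, 1)),
];

/// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
fn parse_version(s: &str) -> Option<Ver> {
    let base = s.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = base.split('.').map(|p| p.parse::<u64>());
    let v = (parts.next()?.ok()?, parts.next()?.ok()?, parts.next()?.ok()?);
    if parts.next().is_some() { None } else { Some(v) }
}

/// Returns the patched version to upgrade to if `v` is in an affected range.
fn patched_for(v: Ver) -> Option<Ver> {
    AFFECTED.iter().find(|(lo, fix)| v >= *lo && v < *fix).map(|(_, fix)| *fix)
}

/// Scan Cargo.lock text and return (found version, patched version) for each
/// vulnerable `wasmi` package entry. Only the exact crate name `wasmi` matches.
fn vulnerable_wasmi(lockfile: &str) -> Vec<(Ver, Ver)> {
    let mut hits = Vec::new();
    let mut in_wasmi = false;
    for line in lockfile.lines().map(str::trim) {
        if line == "[[package]]" {
            in_wasmi = false;
        } else if let Some(name) = line.strip_prefix("name = ") {
            in_wasmi = name.trim_matches('"') == "wasmi";
        } else if let (true, Some(ver)) = (in_wasmi, line.strip_prefix("version = ")) {
            let v = parse_version(ver.trim_matches('"'));
            hits.extend(v.and_then(|v| patched_for(v).map(|fix| (v, fix))));
        }
    }
    hits
}

fn main() {
    // Constructed sample lockfile fragment, not taken from a real project.
    let sample = "[[package]]\nname = \"wasmi\"\nversion = \"0.46.0\"\n\n[[package]]\nname = \"wasmi\"\nversion = \"1.0.1\"\n";
    for (v, fix) in vulnerable_wasmi(sample) {
        println!("wasmi {}.{}.{} is affected; upgrade to {}.{}.{}", v.0, v.1, v.2, fix.0, fix.1, fix.2);
    }
}
```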
Affected products
- osv-coords, 2 versions: < 0.14.2-r0, + 1 more
- (no CPE), range: < 0.14.2-r0
- (no CPE), range: >= 0.41.0, < 0.41.2
- wasmi-labs/wasmi, v5, range: >= 0.41.0, < 0.41.2
References
- github.com/advisories/GHSA-g4v2-cjqp-rfmq (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-66627 (ghsa, ADVISORY)
- github.com/wasmi-labs/wasmi/commit/0e6f0d2a8325602c58d6a53ce1c0e6045eb6a490 (ghsa, WEB)
- github.com/wasmi-labs/wasmi/security/advisories/GHSA-g4v2-cjqp-rfmq (ghsa, x_refsource_CONFIRM, WEB)