A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project has no active maintainer at the moment.
References
| Link | Resource |
|---|---|
| https://github.com/wasm3/wasm3/issues/543 | Exploit Issue Tracking |
| https://github.com/wasm3/wasm3/issues/547 | Exploit Issue Tracking |
| https://vuldb.com/?ctiid.339334 | Permissions Required VDB Entry |
| https://vuldb.com/?id.339334 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.719829 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.719831 | Third Party Advisory VDB Entry |
Configurations
History
12 Jan 2026, 19:22
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-787 | |
| CPE | cpe:2.3:a:wasm3_project:wasm3:*:*:*:*:*:*:*:* | |
| References | () https://github.com/wasm3/wasm3/issues/543 - Exploit, Issue Tracking | |
| References | () https://github.com/wasm3/wasm3/issues/547 - Exploit, Issue Tracking | |
| References | () https://vuldb.com/?ctiid.339334 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.339334 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.719829 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.719831 - Third Party Advisory, VDB Entry | |
| First Time |
Wasm3 Project
Wasm3 Project wasm3 |
01 Jan 2026, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-01 21:15
Updated : 2026-01-12 19:22
NVD link : CVE-2025-15413
Mitre link : CVE-2025-15413
CVE.ORG link : CVE-2025-15413
JSON object : View
Products Affected
wasm3_project
- wasm3