Description

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. In versions 2.4.0 and below, iwasm uses --addr-pool with an IPv4 address that lacks a subnet mask, allowing the system to accept all IP addresses. This can unintentionally expose the service to all incoming connections and bypass intended access restrictions. Services relying on --addr-pool for restricting access by IP may unintentionally become open to all external connections. This may lead to unauthorized access in production deployments, especially when users assume that specifying an IP without a subnet mask implies a default secure configuration. This is fixed in version 2.4.1.

INFO

Published Date :

2025-07-29T21:52:36.253Z

Last Modified :

2025-07-30T18:12:22.511Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54126 vulnerability.

Vendors Products
Bytecodealliance
  • Webassembly Micro Runtime
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54126.

URL Resource
https://github.com/bytecodealliance/wasm-micro-runtime/commit/121232a9957a069bbb04ebda053bdc72ab409e7a cve-icon cve-icon
https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.1 cve-icon cve-icon
https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-vh64-mfvw-pxqp cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact