Description

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.

INFO

Published Date :

2025-10-24T21:54:52.578Z

Last Modified :

2025-10-27T15:22:22.914Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-62711 vulnerability.

Vendors Products
Bytecodealliance
  • Wasmtime
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-62711.

URL Resource
https://github.com/bytecodealliance/wasmtime/commit/192f2fcdadfec9d0cf6b58548a85a7307450cbf5 cve-icon cve-icon cve-icon
https://github.com/bytecodealliance/wasmtime/pull/11592 cve-icon cve-icon cve-icon
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-62711 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-62711 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact