Cybersecurity Vulnerabilities

CVE-2025-64713: Out-of-Bounds Access in WebAssembly Micro Runtime (WAMR) – Critical Update Required!

November 26, 2025 - By 

Overview

CVE-2025-64713 describes an out-of-bounds array access vulnerability found in the WebAssembly Micro Runtime (WAMR), specifically affecting versions prior to 2.4.4. This flaw resides within WAMR’s fast interpreter mode during WASM bytecode loading. Exploitation of this vulnerability could potentially lead to denial-of-service (DoS) or, in more severe scenarios, arbitrary code execution.

Technical Details

The vulnerability arises when handling GET_GLOBAL(I32) opcodes in conjunction with the if opcode within the WASM bytecode. Specifically, the frame_ref_bottom and frame_offset_bottom arrays are involved in managing stack frames. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded. However, frame_offset_bottom might not be expanded correspondingly.

Subsequently, if an if opcode is encountered, it may trigger the preserve_local_for_block function. This function then traverses arrays using stack_cell_num as the upper bound. Because frame_offset_bottom wasn’t expanded to match the increased stack_cell_num, this results in out-of-bounds access to frame_offset_bottom.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) assigns CVE-2025-64713 a score of 5.1 (MEDIUM). While the impact might not be immediately catastrophic, the potential for exploitation leading to denial-of-service or code execution makes patching crucial.

Possible Impact

  • Denial of Service (DoS): An attacker could craft malicious WASM bytecode designed to trigger the out-of-bounds access, causing the WAMR runtime to crash, effectively leading to a DoS.
  • Potential Code Execution: While less likely, a sophisticated attacker might be able to leverage this vulnerability to execute arbitrary code. The feasibility of this depends on the specific environment and exploitation techniques.

Mitigation or Patch Steps

The recommended mitigation is to upgrade to WebAssembly Micro Runtime (WAMR) version 2.4.4 or later. This version contains a patch that addresses the out-of-bounds array access issue. Organizations using WAMR in their products or infrastructure should prioritize this update.

References

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *