Vulnerability DatabaseCVE-2025-62711
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-62711
October 24, 2025
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.
Affected Packages
wasmtime (RUST):
Affected version(s) >=38.0.0 <38.0.3
Fix Suggestion:
Update to version 38.0.3
Related ResourcesĀ (7)
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc
https://nvd.nist.gov/vuln/detail/CVE-2025-62711
https://crates.io/crates/wasmtime
https://github.com/bytecodealliance/wasmtime/pull/11592
https://github.com/bytecodealliance/wasmtime/commit/192f2fcdadfec9d0cf6b58548a85a7307450cbf5
https://github.com/bytecodealliance/wasmtime
https://rustsec.org/advisories/RUSTSEC-2025-0112.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
PRESENT
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
LOW
CVSS v3
Base Score:
3.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
LOW
Weakness Type (CWE)
Improper Handling of Exceptional Conditions
CWE-755
EPSS
Base Score:
0.01