Home > Vulnerability Database > CVE-2025-66627

Mend.io Vulnerability Database

CVE-2025-66627

Good to know:

Date: December 9, 2025

Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To workaround this issue, consider limiting the maximum linear memory sizes where feasible.

Severity Score

7.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-66627

Url: https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-g4v2-cjqp-rfmq

Url: https://github.com/wasmi-labs/wasmi

Url: https://github.com/wasmi-labs/wasmi/commit/0e6f0d2a8325602c58d6a53ce1c0e6045eb6a490

Url: https://www.mend.io/vulnerability-database/CVE-2025-66627

Severity Score

7.8

Weakness Type (CWE)

Use After Free

CWE-416

Top Fix

Upgrade Version

Upgrade to version wasmi - 0.41.2;wasmi - 0.47.1;wasmi - 0.51.3;wasmi - 1.0.1;https://github.com/wasmi-labs/wasmi.git - 0.41.2;https://github.com/wasmi-labs/wasmi.git - v0.47.1;https://github.com/wasmi-labs/wasmi.git - v0.51.3;https://github.com/wasmi-labs/wasmi.git - v1.0.1

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-66627

Good to know:

Date: December 9, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?