Vulnerability Details CVE-2025-62711
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.3%
CVSS Severity
CVSS v3 Score 3.1
References
Products affected by CVE-2025-62711
-
cpe:2.3:a:bytecodealliance:wasmtime:38.0.0
-
cpe:2.3:a:bytecodealliance:wasmtime:38.0.1
-
cpe:2.3:a:bytecodealliance:wasmtime:38.0.2