CVE-2025-64704 – This vulnerability in WebAssembly Micro Runtime... (How to Fix)

Q: What is the severity of CVE-2025-64704?

CVE-2025-64704 has a CVSS score of 4.7 (MEDIUM). This vulnerability in WebAssembly Micro Runtime (WAMR) allows a segmentation fault to be triggered via a specially crafted v128.store instruction in WebAssembly modules. This affects any application or service using WAMR versions before 2.4.4 to execute untrusted WebAssembly code. The vulnerability could lead to denial of service or potentially be leveraged for further exploitation.

📋 TL;DR

This vulnerability in WebAssembly Micro Runtime (WAMR) allows a segmentation fault to be triggered via a specially crafted v128.store instruction in WebAssembly modules. This affects any application or service using WAMR versions before 2.4.4 to execute untrusted WebAssembly code. The vulnerability could lead to denial of service or potentially be leveraged for further exploitation.

💻 Affected Systems

Products:

WebAssembly Micro Runtime (WAMR)

Versions: All versions prior to 2.4.4

Operating Systems: All platforms where WAMR runs (Linux, Windows, macOS, embedded systems)

Default Config Vulnerable: ⚠️ Yes

Notes: Only vulnerable when executing WebAssembly modules containing v128.store instructions. Systems not using WAMR or not executing untrusted WebAssembly code are unaffected.

📦 What is this software?

Webassembly Micro Runtime by Bytecodealliance

View all CVEs affecting Webassembly Micro Runtime →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution if the segmentation fault can be weaponized with additional vulnerabilities, leading to complete system compromise.

🟠

Likely Case

Denial of service causing application crashes and service disruption when processing malicious WebAssembly modules.

🟢

If Mitigated

Minimal impact if only trusted WebAssembly modules are executed or if runtime isolation prevents privilege escalation.

🌐 Internet-Facing: MEDIUM - Applications exposing WAMR runtime to untrusted WebAssembly input from external sources are at risk of DoS attacks.

🏢 Internal Only: LOW - Internal systems processing only trusted WebAssembly modules have minimal exposure.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious WebAssembly modules with v128.store instructions. No public exploit code has been identified at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.4

Vendor Advisory: https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr

Restart Required: Yes

Instructions:

1. Download WAMR 2.4.4 from official repository. 2. Replace existing WAMR installation with patched version. 3. Recompile any applications using WAMR. 4. Restart services using WAMR runtime.

🔧 Temporary Workarounds

Disable untrusted WebAssembly execution

all

Configure applications to only execute trusted, validated WebAssembly modules

Runtime sandboxing

linux

Run WAMR in isolated containers or sandboxes to limit impact of crashes

docker run --security-opt no-new-privileges -d your_wamr_app

🧯 If You Can't Patch

Implement strict input validation for WebAssembly modules before execution
Deploy network segmentation to isolate WAMR instances from critical systems

🔍 How to Verify

Check if Vulnerable:

Check WAMR version with: wamrc --version or examine application dependencies

Check Version:

wamrc --version

Verify Fix Applied:

Confirm version is 2.4.4 or higher and test with known malicious WebAssembly modules

📡 Detection & Monitoring

Log Indicators:

Segmentation fault errors in application logs
Unexpected WAMR process termination
High frequency of WebAssembly module loading failures

Network Indicators:

Unusual patterns of WebAssembly module uploads to affected services
Increased error responses from WebAssembly execution endpoints

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "SIGSEGV") AND process="wamr"

📊 Metadata

CVE ID: CVE-2025-64704

CVSS v3 Score: 4.7 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE: CWE-754

EPSS Score: 0.02% exploit probability (5.6th percentile)

Published: November 25, 2025

Last Updated: December 3, 2025

🔗 References

https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4 Release Notes
https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr Exploit,Vendor Advisory
https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr Exploit,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64704, you might also want to check these: