cvedb.io
CVE-2025-66627
HIGH · CVSS 8.4
EPSS exploitation probability: 0%
Published 2025-12-09T16:18:21.910 · Last modified 2026-06-17T09:57:07.730

Summary

Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation contains a use-after-free vulnerability that a WebAssembly module can trigger under certain memory growth conditions. This issue can potentially lead to memory corruption, information disclosure, or code execution. It is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To work around this issue, consider limiting the maximum linear memory sizes where feasible.

Affected products

wasmi-labs — wasmi

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.