CVE-2025-14956
MEDIUMWebAssembly Binaryen < 125 - Heap-Based Buffer Overflow in WasmBinaryReader::readExport
Title source: llmDescription
A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.337592
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.337592
Exploit, Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.717315
Exploit, Issue Tracking, Third Party Advisory issue-tracking
https://github.com/WebAssembly/binaryen/issues/8089
Issue Tracking issue-tracking
https://github.com/WebAssembly/binaryen/pull/8092
Various Sources product
https://github.com/WebAssembly/binaryen/
Scores
CVSS v3
5.3
EPSS
0.0018
EPSS Percentile
7.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-122
CWE-125
Status
published
Products (1)
webassembly/binaryen
< 125
Published
Dec 19, 2025
Tracked Since
Feb 18, 2026