CVE-2025-62711

LOW

Bytecodealliance Wasmtime < 38.0.3 - Improper Exception Handling

Title source: rule

Description

Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.

References (3)

Scores

CVSS v3 3.1
EPSS 0.0002
EPSS Percentile 4.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE
CWE-755
Status published

Affected Products (2)

bytecodealliance/wasmtime < 38.0.3
crates.io/wasmtime < 38.0.3crates.io

Timeline

Published Oct 24, 2025
Tracked Since Feb 18, 2026