CVE-2025-64704
MEDIUMWebAssembly Micro Runtime < 2.4.4 - Denial of Service via v128.store Instruction
Title source: llmDescription
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.
References (2)
Core 2
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr
Release Notes x_refsource_misc
https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4
Scores
CVSS v3
4.7
EPSS
0.0015
EPSS Percentile
4.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-754
Status
published
Products (1)
bytecodealliance/webassembly_micro_runtime
< 2.4.4
Published
Nov 25, 2025
Tracked Since
Feb 18, 2026