CVE-2025-64704

MEDIUM

Bytecodealliance Webassembly Micro Runtime - Improper Condition Check

Title source: rule

Description

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.

References (2)

[Exploit, Vendor Advisory] https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-2f2p-wf5w-82qr

[Release Notes] https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.4

Scores

CVSS v3 4.7

EPSS 0.0002

EPSS Percentile 4.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-754

Status published

Products (1)

bytecodealliance/webassembly_micro_runtime < 2.4.4

Published Nov 25, 2025

Tracked Since Feb 18, 2026