CVE-2025-64704: CWE-754: Improper Check for Unusual or Exceptional Conditions in bytecodealliance wasm-micro-runtime
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in the v128.store instruction. This issue has been patched in version 2.4.4.
AI Analysis
Technical Summary
CVE-2025-64704 identifies a vulnerability in the WebAssembly Micro Runtime (WAMR), a lightweight standalone runtime designed to execute WebAssembly (Wasm) modules efficiently in constrained environments. The issue arises from an improper check for unusual or exceptional conditions (CWE-754) specifically related to the v128.store instruction, which handles 128-bit SIMD vector storage operations. Prior to version 2.4.4, WAMR does not correctly validate or handle edge cases during the execution of this instruction, leading to a segmentation fault that causes the runtime to crash. This vulnerability can be triggered by a crafted Wasm module or input that causes the runtime to attempt an invalid memory access during the v128.store operation. The CVSS 3.1 base score is 4.7 (medium), reflecting that exploitation requires local access (AV:L), high attack complexity (AC:H), no privileges (PR:N), and user interaction (UI:R). The impact is limited to availability, as confidentiality and integrity are not affected. No known exploits have been reported in the wild, and the issue was patched in WAMR version 2.4.4. This vulnerability is particularly relevant for embedded systems, IoT devices, and edge computing platforms that leverage WAMR for running Wasm workloads, where stability and uptime are critical. The root cause is insufficient validation of exceptional conditions during SIMD instruction execution, highlighting the importance of rigorous input validation and error handling in Wasm runtimes.
Potential Impact
For European organizations, the primary impact of CVE-2025-64704 is a potential denial of service due to segmentation faults causing runtime crashes. This can disrupt critical embedded or edge computing applications that rely on WAMR for executing Wasm modules, potentially affecting industrial automation, IoT device functionality, and real-time data processing systems. Although the vulnerability does not compromise data confidentiality or integrity, service interruptions can lead to operational downtime, financial losses, and reduced reliability of critical infrastructure. Organizations in sectors such as manufacturing, automotive, telecommunications, and smart city deployments—where embedded Wasm runtimes are increasingly adopted—may experience degraded service availability. The requirement for local access and user interaction limits remote exploitation risks but does not eliminate insider threat or accidental triggering scenarios. The absence of known exploits in the wild reduces immediate risk but underscores the need for proactive patching to prevent future exploitation attempts.
Mitigation Recommendations
1. Upgrade all instances of WebAssembly Micro Runtime to version 2.4.4 or later, where the vulnerability has been patched.
2. Conduct an inventory of embedded and edge devices using WAMR to identify vulnerable versions.
3. Audit Wasm modules that utilize v128 SIMD instructions to ensure they do not trigger exceptional conditions or invalid memory accesses.
4. Implement robust input validation and exception handling within Wasm modules and the host environment to prevent malformed inputs from causing crashes.
5. Restrict local access to devices running WAMR to trusted personnel and enforce strict user interaction policies to reduce exploitation likelihood.
6. Monitor runtime logs for segmentation faults or abnormal crashes indicative of attempted exploitation.
7. Develop incident response plans for rapid recovery from potential denial of service events affecting embedded systems.
8. Engage with vendors and suppliers to ensure timely updates and security patches for embedded platforms using WAMR.
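For recommendation 3, an added triage sketch (not part of the advisory and not WAMR code): it walks a module's sections and reports whether the code section contains the byte pair 0xFD 0x0B, the SIMD prefix plus sub-opcode 11 that encodes v128.store. The byte match can also land inside an immediate, so a hit means "review this module on an unpatched runtime", not proof of the instruction; function names and the two sample modules are constructed for illustration.

```python
WASM_MAGIC = b"\x00asm"
CODE_SECTION_ID = 10
V128_STORE = b"\xfd\x0b"  # SIMD prefix 0xFD + sub-opcode 11, minimal LEB128

def read_u32_leb(buf, pos):
    """Decode an unsigned LEB128 u32 at pos; return (value, next_pos)."""
    result = shift = 0
    while True:
        if pos >= len(buf) or shift > 28:
            raise ValueError("truncated or oversized LEB128")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7

def code_section(module):
    """Return the raw code section bytes, or b"" if the module has none."""
    if len(module) < 8 or module[:4] != WASM_MAGIC:
        raise ValueError("not a WebAssembly binary")
    pos = 8  # skip magic and version
    while pos < len(module):
        section_id = module[pos]
        size, pos = read_u32_leb(module, pos + 1)
        if pos + size > len(module):
            raise ValueError("section overruns file")
        if section_id == CODE_SECTION_ID:
            return module[pos:pos + size]
        pos += size
    return b""

def may_use_v128_store(module):
    """Over-approximate: True if the opcode bytes occur in the code section."""
    return V128_STORE in code_section(module)

def _sample(body):
    """Constructed one-function module with one memory (illustrative only)."""
    code = bytes([1, len(body)]) + body
    return (WASM_MAGIC + b"\x01\x00\x00\x00"
            + b"\x01\x04\x01\x60\x00\x00"  # type section: () -> ()
            + b"\x03\x02\x01\x00"          # function 0 has type 0
            + b"\x05\x03\x01\x00\x01"      # one memory, min 1 page
            + bytes([CODE_SECTION_ID, len(code)]) + code)

# i32.const 0; v128.const 0; v128.store align=4 offset=0; end
SIMD_SAMPLE = _sample(b"\x00\x41\x00\xfd\x0c" + bytes(16) + b"\xfd\x0b\x04\x00\x0b")
# i32.const 0; i32.const 0; i32.store align=2 offset=0; end
SCALAR_SAMPLE = _sample(b"\x00\x41\x00\x41\x00\x36\x02\x00\x0b")
```

Run `may_use_v128_store(open(path, "rb").read())` over the modules deployed on devices still below 2.4.4 to decide which ones to withhold until the runtime is upgraded.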
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T14:07:42.920Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69262ac94ed5c2dbbb0fc27d
Added to database: 11/25/2025, 10:16:41 PM
Last enriched: 11/25/2025, 10:32:34 PM
Last updated: 11/26/2025, 1:02:28 AM