CVE-2025-64713: CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer in bytecodealliance wasm-micro-runtime
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4.
AI Analysis
Technical Summary
The vulnerability CVE-2025-64713 affects the bytecodealliance's wasm-micro-runtime (WAMR), a lightweight standalone WebAssembly runtime used in embedded and edge computing environments. The issue arises in versions prior to 2.4.4 within the fast interpreter mode during WASM bytecode loading. Specifically, when the internal arrays frame_ref_bottom and frame_offset_bottom reach capacity and a GET_GLOBAL(I32) opcode is processed, only frame_ref_bottom is expanded while frame_offset_bottom is not. If this is immediately followed by an if opcode triggering preserve_local_for_block, the runtime traverses these arrays using stack_cell_num as the upper bound. Because frame_offset_bottom was not expanded accordingly, this results in an out-of-bounds access to frame_offset_bottom, causing memory corruption. This vulnerability is categorized under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). Exploitation requires local access with high attack complexity and no user interaction, and it primarily impacts availability by potentially causing crashes or denial of service. The issue has been addressed in WAMR version 2.4.4, which properly expands both arrays to prevent out-of-bounds access.
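The desynchronisation described above, as a simplified C model added here (not WAMR source code and not part of the advisory): two parallel arrays share one bound, only one is grown, and a guarded traversal rejects the inconsistent state. Only the names frame_ref_bottom, frame_offset_bottom and stack_cell_num come from the advisory; LoaderCtx, grow, push_cell, scan_cells, demo, the int16_t element type and the chunk-of-4 growth policy are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model, not WAMR source. Names follow the advisory; element
 * types and the chunk-of-4 growth policy are assumptions of this example. */
typedef struct {
    int16_t *frame_ref_bottom, *frame_offset_bottom; /* parallel stacks */
    uint32_t ref_cap, offset_cap, stack_cell_num;    /* capacities, cells used */
} LoaderCtx;
/* Grow one array to hold at least `need` cells; returns 0 on success. */
static int grow(int16_t **buf, uint32_t *cap, uint32_t need) {
    if (need <= *cap) return 0;
    uint32_t new_cap = (need + 3u) & ~3u;
    int16_t *p = realloc(*buf, new_cap * sizeof *p);
    if (!p) return -1;
    *buf = p;
    *cap = new_cap;
    return 0;
}

/* hardened=0 grows only the ref array (the desync); hardened=1 grows both. */
int push_cell(LoaderCtx *c, int hardened) {
    uint32_t n = c->stack_cell_num;
    if (grow(&c->frame_ref_bottom, &c->ref_cap, n + 1)) return -1;
    if (hardened && grow(&c->frame_offset_bottom, &c->offset_cap, n + 1)) return -1;
    c->frame_ref_bottom[n] = 1;
    if (hardened) c->frame_offset_bottom[n] = 0;
    c->stack_cell_num = n + 1;
    return 0;
}

/* Guarded traversal: returns cells visited, or -1 if the shared bound exceeds either capacity. */
int scan_cells(const LoaderCtx *c) {
    int visited = 0;
    if (c->stack_cell_num > c->ref_cap || c->stack_cell_num > c->offset_cap) return -1;
    for (uint32_t i = 0; i < c->stack_cell_num; i++)
        visited += c->frame_ref_bottom[i] && c->frame_offset_bottom[i] >= 0;
    return visited;
}

/* Constructed scenario: fill both arrays to capacity (4), then push once. */
int demo(int hardened) {
    LoaderCtx c = {0};
    int bad = 0;
    for (int i = 0; i < 5; i++) bad |= push_cell(&c, i < 4 ? 1 : hardened);
    int rc = bad ? -2 : scan_cells(&c);
    free(c.frame_ref_bottom);
    free(c.frame_offset_bottom);
    return rc;
}
```

In this model `demo(0)` returns -1 because the bound of 5 cells exceeds the offset array's capacity of 4, while `demo(1)` visits all 5 cells.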
Potential Impact
The primary impact of CVE-2025-64713 is on availability, as the out-of-bounds memory access can lead to crashes or denial of service in applications using vulnerable versions of WAMR. For European organizations, especially those deploying WAMR in embedded systems, IoT devices, or edge computing platforms, this could disrupt critical services or device operations. While confidentiality and integrity are not directly compromised, the resulting instability could indirectly affect system reliability and operational continuity. Organizations in sectors relying heavily on embedded WebAssembly runtimes—such as manufacturing automation, telecommunications, and smart infrastructure—may face increased operational risks. Additionally, remediation efforts and downtime for patching could impact business continuity if not managed proactively.
Mitigation Recommendations
To mitigate this vulnerability, organizations should upgrade all instances of wasm-micro-runtime to version 2.4.4 or later, where the issue has been patched. For environments where immediate upgrading is not feasible, consider implementing strict input validation and sandboxing to limit the execution of untrusted WASM bytecode. Conduct thorough testing of embedded and edge devices to detect abnormal crashes or behavior indicative of exploitation attempts. Employ runtime monitoring and anomaly detection tools tailored for embedded systems to identify potential exploitation. Additionally, restrict local access to systems running WAMR to trusted personnel only, as exploitation requires local access with high complexity. Maintain an inventory of devices and applications using WAMR to ensure comprehensive patch management and vulnerability tracking.
Affected Countries
Germany, Netherlands, France, United Kingdom, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-11-10T14:07:42.921Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69262ac94ed5c2dbbb0fc281
Added to database: 11/25/2025, 10:16:41 PM
Last enriched: 12/2/2025, 10:40:06 PM
Last updated: 1/10/2026, 10:16:10 PM