CVE-2025-66627: CWE-416: Use After Free in wasmi-labs wasmi
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To workaround this issue, consider limiting the maximum linear memory sizes where feasible.
AI Analysis
Technical Summary
CVE-2025-66627 is a Use After Free vulnerability (CWE-416) found in the wasmi WebAssembly interpreter, which is designed for constrained and embedded systems. The vulnerability stems from the linear memory implementation within wasmi, where under certain conditions involving memory growth triggered by a WebAssembly module, a Use After Free condition occurs. This can lead to memory corruption, which attackers can leverage to cause information disclosure or arbitrary code execution. The affected versions include 0.41.0 to 0.41.1, 0.42.0 to 0.47.0, 0.50.0 to 0.51.2, and 1.0.0, with fixes released in 0.41.2, 0.47.1, 0.51.3, and 1.0.1. The vulnerability does not require privileges or user interaction to exploit, increasing its risk profile. The CVSS v3.1 score is 8.4 (high), reflecting the ease of exploitation and severe impact on confidentiality, integrity, and availability. The flaw is particularly critical in embedded systems where wasmi is deployed, as exploitation could compromise device integrity or leak sensitive data. While no active exploits are known, the vulnerability demands prompt attention due to its potential impact on embedded applications relying on WebAssembly execution.
Potential Impact
For European organizations, the impact of CVE-2025-66627 can be significant, especially those deploying wasmi in embedded or constrained environments such as IoT devices, industrial control systems, or specialized hardware. Successful exploitation could lead to unauthorized disclosure of sensitive information, disruption of critical services, or full system compromise. This is particularly concerning for sectors like manufacturing, energy, healthcare, and telecommunications, where embedded systems are prevalent and often integral to operational technology. The vulnerability's ability to be exploited without authentication or user interaction increases the risk of automated or remote attacks. Compromise of embedded devices could also serve as a foothold for lateral movement within networks, amplifying the threat. Given the growing adoption of WebAssembly in embedded contexts, the vulnerability could affect a broad range of devices and applications across Europe, potentially impacting national infrastructure and critical services.
Mitigation Recommendations
European organizations should immediately assess their use of wasmi and identify affected versions within their embedded or constrained systems. The primary mitigation is to upgrade to patched versions: 0.41.2, 0.47.1, 0.51.3, or 1.0.1. Where upgrading is not immediately feasible, organizations should implement strict limits on the maximum linear memory sizes allocated to WebAssembly modules to reduce the risk of triggering the vulnerability. Additionally, applying runtime memory protections and monitoring for anomalous WebAssembly module behavior can help detect exploitation attempts. Network segmentation and strict access controls around devices running wasmi can limit exposure. Organizations should also review supply chain dependencies to ensure no indirect exposure via third-party components. Finally, maintaining up-to-date threat intelligence and preparing incident response plans for potential exploitation scenarios will enhance resilience.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Sweden, Finland, Poland, Spain, Belgium
CVE-2025-66627: CWE-416: Use After Free in wasmi-labs wasmi
Description
Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 through 0.47.1, 0.50.0 through 0.51.2 and 1.0.0, Wasmi's linear memory implementation leads to a Use After Free vulnerability, triggered by a WebAssembly module under certain memory growth conditions. This issue potentially leads to memory corruption, information disclosure, or code execution. This issue is fixed in versions 0.41.2, 0.47.1, 0.51.3 and 1.0.1. To workaround this issue, consider limiting the maximum linear memory sizes where feasible.
AI-Powered Analysis
Technical Analysis
CVE-2025-66627 is a Use After Free vulnerability (CWE-416) found in the wasmi WebAssembly interpreter, which is designed for constrained and embedded systems. The vulnerability stems from the linear memory implementation within wasmi, where under certain conditions involving memory growth triggered by a WebAssembly module, a Use After Free condition occurs. This can lead to memory corruption, which attackers can leverage to cause information disclosure or arbitrary code execution. The affected versions include 0.41.0 to 0.41.1, 0.42.0 to 0.47.0, 0.50.0 to 0.51.2, and 1.0.0, with fixes released in 0.41.2, 0.47.1, 0.51.3, and 1.0.1. The vulnerability does not require privileges or user interaction to exploit, increasing its risk profile. The CVSS v3.1 score is 8.4 (high), reflecting the ease of exploitation and severe impact on confidentiality, integrity, and availability. The flaw is particularly critical in embedded systems where wasmi is deployed, as exploitation could compromise device integrity or leak sensitive data. While no active exploits are known, the vulnerability demands prompt attention due to its potential impact on embedded applications relying on WebAssembly execution.
Potential Impact
For European organizations, the impact of CVE-2025-66627 can be significant, especially those deploying wasmi in embedded or constrained environments such as IoT devices, industrial control systems, or specialized hardware. Successful exploitation could lead to unauthorized disclosure of sensitive information, disruption of critical services, or full system compromise. This is particularly concerning for sectors like manufacturing, energy, healthcare, and telecommunications, where embedded systems are prevalent and often integral to operational technology. The vulnerability's ability to be exploited without authentication or user interaction increases the risk of automated or remote attacks. Compromise of embedded devices could also serve as a foothold for lateral movement within networks, amplifying the threat. Given the growing adoption of WebAssembly in embedded contexts, the vulnerability could affect a broad range of devices and applications across Europe, potentially impacting national infrastructure and critical services.
Mitigation Recommendations
European organizations should immediately assess their use of wasmi and identify affected versions within their embedded or constrained systems. The primary mitigation is to upgrade to patched versions: 0.41.2, 0.47.1, 0.51.3, or 1.0.1. Where upgrading is not immediately feasible, organizations should implement strict limits on the maximum linear memory sizes allocated to WebAssembly modules to reduce the risk of triggering the vulnerability. Additionally, applying runtime memory protections and monitoring for anomalous WebAssembly module behavior can help detect exploitation attempts. Network segmentation and strict access controls around devices running wasmi can limit exposure. Organizations should also review supply chain dependencies to ensure no indirect exposure via third-party components. Finally, maintaining up-to-date threat intelligence and preparing incident response plans for potential exploitation scenarios will enhance resilience.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-12-05T15:42:44.715Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6937a044f0d475f65e8bac86
Added to database: 12/9/2025, 4:06:28 AM
Last enriched: 12/16/2025, 6:07:28 AM
Last updated: 2/7/2026, 7:41:42 AM
Views: 110
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2026-2076: Improper Authorization in yeqifu warehouse
MediumCVE-2025-15491: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Post Slides
HighCVE-2025-15267: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder
MediumCVE-2025-13463: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in boldthemes Bold Page Builder
MediumCVE-2025-12803: CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in boldthemes Bold Page Builder
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.