The vulnerability identified as CVE-2025-66627 affects the wasmi WebAssembly interpreter, a tool designed for running WebAssembly modules in constrained and embedded systems. The root cause is a Use After Free (CWE-416) flaw within wasmi's linear memory management. Specifically, when a WebAssembly module requests memory growth under certain conditions, the interpreter incorrectly handles memory allocation and deallocation, leading to a dangling pointer scenario. This Use After Free condition can cause memory corruption, which attackers could exploit to leak sensitive information, execute arbitrary code, or crash the interpreter, impacting availability. The vulnerability affects several wasmi versions: 0.41.0 up to but not including 0.41.2, 0.42.0 up to but not including 0.47.1, 0.50.0 up to but not including 0.51.3, and 1.0.0 up to but not including 1.0.1. The flaw requires no privileges and no user interaction, making it relatively easy to exploit in environments where untrusted WebAssembly modules are processed. The CVSS v3.1 score of 8.4 reflects high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no known exploits are currently reported in the wild, the vulnerability's nature and severity warrant immediate attention. Mitigation includes upgrading to fixed versions and, as a temporary workaround, restricting the maximum linear memory size to prevent triggering the vulnerable code path.

For European organizations, especially those deploying embedded systems or constrained devices that utilize wasmi for WebAssembly execution, this vulnerability poses a significant risk. Exploitation could lead to unauthorized disclosure of sensitive data processed within these systems, compromise system integrity through arbitrary code execution, or cause denial of service by crashing critical components. Sectors such as industrial automation, IoT device manufacturers, telecommunications, and automotive industries in Europe that rely on embedded WebAssembly interpreters may face operational disruptions and data breaches. The ease of exploitation without authentication increases the threat surface, particularly in environments processing untrusted or third-party WebAssembly modules. Additionally, compromised devices could be leveraged as entry points for broader network intrusions, affecting supply chains and critical infrastructure. The potential for code execution elevates the risk of persistent threats and lateral movement within networks.

European organizations should immediately assess their use of wasmi and identify affected versions in their environments. The primary mitigation is to upgrade to patched versions 0.41.2, 0.47.1, 0.51.3, or 1.0.1 as soon as possible. Where immediate upgrading is not feasible, organizations should implement strict controls on the maximum linear memory size allowed for WebAssembly modules to prevent triggering the vulnerability. Additionally, deploying runtime monitoring and anomaly detection focused on memory usage patterns can help identify exploitation attempts. Restricting the execution of untrusted WebAssembly modules and enforcing strict code signing or validation policies will reduce exposure. Network segmentation of devices running wasmi can limit potential lateral movement if compromise occurs. Finally, maintaining up-to-date threat intelligence and applying security patches promptly will reduce the window of vulnerability.