CVE-2025-2368
Published: 17 March 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-2368 is a critical heap-based buffer overflow vulnerability in WebAssembly wabt version 1.0.36. It affects the function wabt::interp::(anonymous namespace)::BinaryReaderInterp::OnExport in the file wabt/src/interp/binary-reader-interp.cc within the Malformed File Handler component.
The vulnerability can be exploited remotely by an unauthenticated attacker who supplies a crafted, malformed file. Exploitation requires user interaction, such as opening or processing the file in an affected application. A successful attack has a low impact on confidentiality, integrity, and availability, with a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L). Associated weakness identifiers include CWE-119, CWE-122, and CWE-787.
Advisories in GitHub issues #2537 and #2556, along with pull request #2541 in the WebAssembly/wabt repository, detail the issue and provide a patch. The VulDB entry (ctiid.299867) recommends applying the patch to mitigate the vulnerability, noting that the exploit has been publicly disclosed and may be used.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes exploitation of a heap buffer overflow in a malformed file handler via a crafted file requiring user interaction to open/process in an affected application, directly mapping to client-side exploitation and malicious file delivery.