CVE-2025-62711 – Wasmtime vulnerable to segfault when using component resources

CVE ID : CVE-2025-62711

Published : Oct. 24, 2025, 10:15 p.m. | 28 minutes ago

Description : Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it’s possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.

Severity: 2.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…