CVE-2025-6274: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in WebAssembly wabt up to version 1.0.37, identified as CVE-2025-6274. The issue affects the OnDataCount function in the file src/interp/binary-reader-interp.cc and was classified as a resource consumption vulnerability. The vulnerability was disclosed on June 19, 2025, and has been assigned CVSS v4.0 score of 4.8 MEDIUM (VulDB).

The vulnerability is caused by improper control of resource allocation and maintenance in the OnDataCount function, which can lead to an out-of-memory condition when processing certain inputs. The issue has been classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Improper Resource Shutdown or Release). The vulnerability has received multiple severity ratings: CVSS v4.0 score of 4.8 (MEDIUM) and CVSS v3.1 base score of 3.3 (LOW) (VulDB).

The exploitation of this vulnerability can lead to resource exhaustion and denial of service (DoS) conditions. When successfully exploited, the vulnerability affects the availability of the system by causing the application to run out of memory when processing specially crafted input (VulDB, Wiz).

Currently, there are no known official mitigations or workarounds available for this vulnerability. It is recommended to consider replacing the affected product with an alternative solution until a patch is available (VulDB).

A similar issue reported during the same timeframe was disputed by the code maintainer because it might not affect "real world wasm programs". Therefore, this entry might get disputed as well in the future (NVD).