CVE-2025-6275: 
NixOS vulnerability analysis and mitigation

A vulnerability was discovered in WebAssembly wabt versions up to 1.0.37, identified as CVE-2025-6275. The issue affects the GetFuncOffset function in the file src/interp/binary-reader-interp.cc. This vulnerability was disclosed on June 19, 2025, and has been classified as a use-after-free vulnerability that can be exploited locally (NVD, Wiz).

The vulnerability is classified as a heap-use-after-free issue (CWE-416) in the GetFuncOffset function at line 481 of src/interp/binary-reader-interp.cc. The CVSS v3.1 base score is 3.3 (LOW) with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, while the CVSS v4.0 score is 4.8 (MEDIUM) with the vector CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P (NVD, GitHub Issue).

The vulnerability can cause the program to crash, use unexpected values, or execute code when memory is accessed after being freed. The primary impact is on system availability, with no direct effect on confidentiality or integrity (Wiz).

Currently, there are no known official mitigations or workarounds for this vulnerability. It is recommended to consider replacing the affected software with an alternative product until a patch is available (Wiz).

The code maintainer has noted that similar issues reported during the same timeframe were disputed because they might not affect "real world wasm programs". Therefore, this vulnerability might also be disputed in the future (NVD).