CNNVD-202507-3663 Information
CNNVD ID
CNNVD-202507-3663
Related CVE
- CNNVD Published: 2025-07-29
Description (Chinese)
WebAssembly Micro Runtime(WAMR)是Bytecode Alliance开源的一种轻量级的独立 WebAssembly 运行时。具有占用空间小、高性能和高度可配置的功能,适用于从嵌入式、物联网、边缘到可信执行环境 (TEE)、智能合约、云原生等应用程序。 WebAssembly Micro Runtime 2.4.0及之前版本存在安全漏洞,该漏洞源于–addr-pool参数使用不当,可能导致绕过访问限制。
Description (English)
WebAssembly Micro Runtime (WAMR) is a lightweight independent of the Bytecode Alliance open source WebAssembly running. It has small, high-performance and highly configurable functions that apply to applications ranging from embedded, networked, edged to a credible implementation environment (TEE), smart contracts, clouds, etc. WebAssembly Micro Runtime 2.4.0 and previous versions have a security loophole, which stems from the inappropriate use of the –addr-pool parameters and could lead to circumventing access restrictions.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Bytecode Alliance
Published
2025-07-29
Last Modified
2026-02-24
References
https://github.com/bytecodealliance/wasm-micro-runtime/security/advisories/GHSA-vh64-mfvw-pxqp https://github.com/bytecodealliance/wasm-micro-runtime/commit/121232a9957a069bbb04ebda053bdc72ab409e7a https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-2.4.1 https://access.redhat.com/security/cve/cve-2025-54126
Patch
https://github.com/bytecodealliance/wasm-micro-runtime/releases
Share on: