How severe is CVE-2025-43853?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-43853?

This is classified as CWE-61, which is a common weakness in software security.

CVE-2025-43853 - HIGH Severity | CVSS N/A

Vulnerability Description

The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface (WASI) and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink following vulnerability. On WAMR running in Windows, creating a symlink pointing outside of the preopened directory and subsequently opening it with create flag will create a file on host outside of the sandbox. If the symlink points to an existing host file, it's also possible to open it and read its content. Version 2.3.0 fixes the issue.

Related Vulnerabilities

CVE-2024-54661

CRITICAL

CVSS:9.8(Critical)

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.

CWE-612024

CVE-2025-23394

CRITICAL

CVSS:9.8(Critical)

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.

CWE-612025

CVE-2024-22014

HIGH

CVSS:8.8(High)

An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete.

CWE-612024

CVE-2024-45418

HIGH

CVSS:8.8(High)

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

CWE-612024

CVE-2024-52535

HIGH

CVSS:8.8(High)

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remedi...

CWE-612024

CVE-2024-47515

HIGH

CVSS:8.1(High)

A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of ...

CWE-612024