Linux Distros Unpatched Vulnerability : CVE-2025-53901

🗓️ 08 Aug 2025 00:00:00Reported by TenableType

CVE-2025-53901: Wasmtime WASI panic DoS on host via fd_renumber; patch releases available; upgrade.

Reporter	Title	Published	Views	Family All 30
FreeBSD	libwasmtime -- host panic with fd_renumber WASIp1 function	18 Jul 202500:00	–	freebsd
Chainguard	CVE-2025-53901 vulnerabilities	23 Jul 202513:17	–	cgr
Circl	CVE-2025-53901	18 Jul 202519:21	–	circl
CNNVD	Bytecode Alliance Wasmtime 安全漏洞	18 Jul 202500:00	–	cnnvd
CVE	CVE-2025-53901	18 Jul 202517:10	–	cve
Cvelist	CVE-2025-53901 Wasmtime has host panic with `fd_renumber` WASIp1 function	18 Jul 202517:10	–	cvelist
Debian CVE	CVE-2025-53901	18 Jul 202517:10	–	debiancve
EUVD	EUVD-2025-21918	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : libwasmtime -- host panic with fd_renumber WASIp1 function (605a9d1e-6521-11f0-beb2-ac5afc632ba3)	20 Jul 202500:00	–	nessus
Github Security Blog	Wasmtime CLI is vulnerable to host panic through its fd_renumber function	18 Jul 202519:50	–	github

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2025-53901
ubuntu	www.ubuntu.com/security/CVE-2025-53901
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(246230);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/05/21");

  script_cve_id("CVE-2025-53901");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2025-53901");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's
    implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in
    the host (embedder). The specific bug is triggered by calling `path_open` after calling `fd_renumber` with
    either two equal argument values or a second argument being equal to a previously-closed file descriptor
    number value. The corrupt state introduced in `fd_renumber` will lead to the subsequent opening of a file
    descriptor to panic. This panic cannot introduce memory unsafety or allow WebAssembly to break outside of
    its sandbox, however. There is no possible heap corruption or memory unsafety from this panic. This bug is
    in the implementation of Wasmtime's `wasmtime-wasi` crate which provides an implementation of WASIp1. The
    bug requires a specially crafted call to `fd_renumber` in addition to the ability to open a subsequent
    file descriptor. Opening a second file descriptor is only possible when a preopened directory was provided
    to the guest, and this is common amongst embeddings. A panic in the host is considered a denial-of-service
    vector for WebAssembly embedders and is thus a security issue in Wasmtime. This bug does not affect WASIp2
    and embedders using components. In accordance with Wasmtime's release process, patch releases are
    available as 24.0.4, 33.0.2, and 34.0.2. Users of other release of Wasmtime are recommended to move to a
    supported release of Wasmtime. Embedders who are using components or are not providing guest access to
    create more file descriptors (e.g. via a preopened filesystem directory) are not affected by this issue.
    Otherwise, there is no workaround at this time, and affected embeddings are recommended to update to a
    patched version which will not cause a panic in the host. (CVE-2025-53901)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-53901");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2025-53901");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-53901");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:25.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:13.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:rust-wasmtime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rust-wasmtime");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Debian Linux-13", "Host/OS/Ubuntu Linux-24.04", "Host/OS/Ubuntu Linux-25.04", "Host/OS/Ubuntu Linux-25.10");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-13": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "13",
        "pkgs": [
          {"reference": "librust-cranelift-dev"}
        ]
      }
    ]
  },
  "Ubuntu Linux-24.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "24.04",
        "pkgs": [
          {"reference": "rust-wasmtime"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.04",
        "pkgs": [
          {"reference": "rust-wasmtime"}
        ]
      }
    ]
  },
  "Ubuntu Linux-25.10": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "25.10",
        "pkgs": [
          {"reference": "rust-wasmtime"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

21 May 2026 00:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.13.5

EPSS0.00379

SSVC