05-25-2025, 06:00 PM
Medium
resolved
resolved
WASI sandbox escape via symlink
Bug reported by Jesse Wilson was disclosed at May 24, 2025, 10:33 am | Privilege Escalation
A WASI + WASM program was discovered to be able to use `path_symlink` to read arbitrary files on the host machine by creating a symlink in a preopen to a different location on the local file system, thereby escaping the WASI sandbox.