CVE-2025-49589
BaseFortify
Publication date: 2025-06-12
Last updated on: 2025-06-16
Assigner: GitHub, Inc.
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49589 is a stack-based buffer overflow vulnerability in the Kprintf_HLE function of the PCSX2 PlayStation 2 emulator. It occurs when opening a disc image that triggers logging of a specially crafted message while IOP Console Logging is enabled. The vulnerability arises because the printf output was not properly truncated when exceeding the fixed buffer size, leading to potential buffer overflow conditions. This can allow a remote attacker to execute arbitrary code on the affected system. The issue was fixed by adding boundary checks and truncating output to prevent overflow, as well as correctly handling buffer sizes in the snprintf function. [1, 2, 3]
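The truncation fix described above, sketched as an added example; it is not PCSX2's code. The buffer size, the `iop: ` prefix and the names `bounded_format` and `log_guest_message` are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 32  /* assumed size; the page does not state PCSX2's buffer size */

/* Format into dst (capacity cap) and return the number of bytes actually
 * stored, excluding the terminator. vsnprintf() returns the length the full
 * output WOULD have had, so that value must be clamped before it is used
 * as an index or copy length. */
static size_t bounded_format(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (cap == 0)
        return 0;

    va_start(ap, fmt);
    needed = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);

    if (needed < 0) {            /* formatting error: store an empty string */
        dst[0] = '\0';
        return 0;
    }
    if ((size_t)needed >= cap)   /* output was truncated to cap - 1 bytes */
        return cap - 1;
    return (size_t)needed;
}

/* Hypothetical log hook: guest_msg is untrusted data from the emulated
 * program. Returns the stored length; out receives the final line. */
size_t log_guest_message(const char *guest_msg, char out[LOG_BUF_SIZE])
{
    char line[LOG_BUF_SIZE];     /* fixed stack buffer, the CWE-121 setting */
    size_t len = bounded_format(line, sizeof line, "iop: %s", guest_msg);

    memcpy(out, line, len + 1);  /* len <= LOG_BUF_SIZE - 1, so this fits */
    return len;
}

int main(void)
{
    char out[LOG_BUF_SIZE];
    char oversized[200];         /* constructed input, longer than the buffer */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("%zu bytes kept: %s\n", log_guest_message(oversized, out), out);
    return 0;
}
```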
How can this vulnerability impact me?
If exploited, this vulnerability can allow a remote attacker to execute arbitrary code on your system running PCSX2 with IOP Console Logging enabled. This can compromise the integrity and availability of your system, potentially leading to unauthorized actions or system crashes. However, exploitation requires that the user has enabled IOP Console Logging and interacts with a specially crafted disc image. [3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your PCSX2 emulator version is prior to 2.3.414 and if IOP Console Logging is enabled. Since the vulnerability triggers when opening a disc image that logs a specially crafted message, monitoring logs for unusual or malformed messages related to IOP Console Logging may help detect exploitation attempts. Specific commands are not provided in the resources, but you can verify the PCSX2 version by running the emulator and checking its About or version info. Additionally, monitoring for crashes or abnormal behavior when loading disc images could indicate exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update PCSX2 to version 2.3.414 or later, where the vulnerability has been fixed. If updating is not possible immediately, disable IOP Console Logging to prevent the vulnerability from being exploitable. These steps will prevent the stack-based buffer overflow in the Kprintf_HLE function from being triggered by specially crafted disc images. [3]