CVE-2025-29364
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-28

Last updated on: 2025-09-09

Assigner: MITRE

Description
spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory read/write operations. By configuring the starting and ending addresses for memory read/write to point to distinct memory segments within the virtual machine, it is possible to circumvent these checks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-28
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-08-28
EPSS Evaluated
2026-06-15
NVD
CVE-2025-29364
EUVD
EUVD-2025-27740
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
spimsimulator spim to 9.1.24 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-29364 is a buffer overflow vulnerability in the SPIMsimulator software (version 9.1.24 and earlier) affecting the READ_SYSCALL and WRITE_SYSCALL system calls. The vulnerability allows an attacker to bypass memory address checks by configuring read/write operations to span distinct memory segments within the virtual machine. This leads to out-of-bounds memory reads and writes, potentially corrupting memory and enabling the attacker to escape the simulated environment and impact the host system. [1]

Impact Analysis

This vulnerability can allow an attacker to perform out-of-bounds memory reads and writes, which may corrupt the host machine's memory. Exploiting this flaw could enable the attacker to escape the SPIMsimulator environment and execute code or cause damage on the host system, potentially leading to system compromise or instability. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-29364. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart