CVE-2025-9136
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-09-12
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libretro | retroarch | 1.18.0 |
| libretro | retroarch | 1.19.0 |
| libretro | retroarch | 1.20.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability requires local access and involves an out-of-bounds read in the filestream_vscanf() function of libretro RetroArch versions 1.18.0, 1.19.0, and 1.20.0. Detection can be done by identifying the installed RetroArch version on your system. You can check the RetroArch version by running the command `retroarch --version` or checking the package manager for the installed version. There are no specific network detection commands or signatures provided. Additionally, reviewing logs or application crashes related to RetroArch might indicate exploitation attempts. Since the vulnerability is local and code-based, scanning for the vulnerable versions is the primary detection method. [1, 3]
Can you explain this vulnerability to me?
CVE-2025-9136 is an out-of-bounds read vulnerability in the filestream_vscanf() function of libretro RetroArch versions 1.18.0, 1.19.0, and 1.20.0. The issue occurs because the code does not properly check the return value of sscanf(), leading to the use of an uninitialized or attacker-controlled variable named sublen. This variable is then used to increment a buffer iterator, causing the program to read memory beyond the intended buffer boundaries. An attacker with local access can exploit this by crafting malicious format strings to trigger this behavior, potentially causing memory leaks or application instability. [1, 3]
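The unchecked-sscanf() pattern described above, as an added illustration that is not RetroArch's code: a constructed scanner uses "%n" to learn how many bytes a conversion consumed (sublen) and advances its iterator by that amount, shown in the unchecked form beside a hardened version. The function names and the "%d" field type are assumptions made for this illustration, not the project's API.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (constructed, not RetroArch code): scan one "%d" at iter,
 * use "%n" to learn the bytes consumed (sublen), then advance by sublen. The
 * sscanf() return value is ignored, so on a non-matching input sublen is never
 * written and the iterator moves by an uninitialized value: the next read lands
 * outside the buffer (CWE-119 / CWE-125). For comparison only; never called. */
const char *advance_unchecked(const char *iter, int *value)
{
    int sublen;                              /* left uninitialized */
    sscanf(iter, "%d%n", value, &sublen);    /* return value not checked */
    return iter + sublen;                    /* undefined when nothing matched */
}

/* Hardened form: initialize sublen, check the conversion count, and refuse to
 * step past end. Returns NULL on any failure so the caller stops. */
const char *advance_checked(const char *iter, const char *end, int *value)
{
    int sublen = 0;
    if (iter >= end || sscanf(iter, "%d%n", value, &sublen) != 1)
        return NULL;                         /* no match: do not move */
    if (sublen <= 0 || sublen > end - iter)
        return NULL;                         /* stay inside the buffer */
    return iter + sublen;
}

/* Bytes consumed by one checked step over NUL-terminated s, or -1 on failure. */
int checked_step(const char *s)
{
    int v;
    const char *next = advance_checked(s, s + strlen(s), &v);
    return next ? (int)(next - s) : -1;
}

/* Sum of the integers in s, parsed with the checked stepper; stops at the
 * first field that does not match instead of reading past the buffer. */
int sum_ints(const char *s)
{
    const char *iter = s, *end = s + strlen(s), *next;
    int v, total = 0;
    while ((next = advance_checked(iter, end, &v)) != NULL) {
        total += v;
        iter = next;
    }
    return total;
}
```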
How can this vulnerability impact me?
This vulnerability can impact you by exposing sensitive data through controlled memory leaks, causing application instability, or potentially compromising the confidentiality, integrity, and availability of the affected system. Since the exploit requires local access, an attacker with such access could manipulate the program to read out-of-bounds memory, leading to these impacts. [1, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can affect compliance with standards and regulations such as GDPR and HIPAA because it may lead to exposure of sensitive data due to out-of-bounds memory reads. Such data exposure could violate requirements for protecting personal or sensitive information, thereby impacting compliance with data protection and privacy regulations. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade libretro RetroArch to version 1.21.0 or later, where the vulnerability has been fixed by properly initializing the affected variable. This upgrade resolves the out-of-bounds read issue. Until the upgrade can be applied, restrict local access to the system to prevent exploitation, as the attack requires local access. Monitoring for unusual application behavior or crashes may also help in early detection. [1, 3]