CVE-2025-9688
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-30

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-30
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-08-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9688
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mupen64plus mupen64plus *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9688 is an integer overflow vulnerability in Mupen64Plus (up to version 2.6.0), specifically in the function write_is_viewer in the source file is_viewer.c. This overflow occurs when an integer calculation wraps around unexpectedly, leading to a buffer overflow condition. An attacker can exploit this by injecting malicious code into a game's ROM package, which allows them to escape the emulator sandbox and execute arbitrary code on the host machine. [1, 2]

Impact Analysis

This vulnerability can impact you by compromising the confidentiality, integrity, and availability of your system. Exploiting the integer overflow can allow an attacker to execute arbitrary code on your host machine remotely, potentially leading to unauthorized access, data manipulation, or system disruption. Although the attack requires user interaction and is difficult to exploit, a proof-of-concept is publicly available, increasing the risk. [1, 2]

Detection Guidance

There are no specific detection commands or network/system detection methods provided for this vulnerability. Detection would likely require analyzing the Mupen64Plus emulator version and monitoring for exploitation attempts involving crafted game ROM packages targeting the write_is_viewer function, but no explicit commands or tools are mentioned.

Mitigation Strategies

Immediate mitigation steps include considering replacing the affected Mupen64Plus component with an alternative product, as no official vendor response or patches are available. Since the vulnerability requires user interaction and is difficult to exploit, limiting exposure by avoiding untrusted ROM packages and monitoring for suspicious activity is advisable. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9688. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart