CVE-2025-9809
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-01

Last updated on: 2025-12-08

Assigner: CyberArk Labs

Description
Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-01
Last Modified
2025-12-08
Generated
2026-06-16
AI Q&A
2025-09-01
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9809
EUVD
EUVD-2025-26355
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libretro libretro-common *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9809 is a stack-based buffer overflow vulnerability in the libretro-common library's CDFS .cue file parser. It occurs in the function cdfs_open_cue_track when a crafted .cue file contains a file path string longer than the fixed buffer size (PATH_MAX_LENGTH). The vulnerability arises because memcpy copies the file path into a fixed-size buffer without properly limiting the number of bytes copied, causing an out-of-bounds write. This overflow can allow remote attackers to execute arbitrary code. [1]

Impact Analysis

This vulnerability can allow remote attackers to execute arbitrary code on systems using the affected libretro-common library by providing a specially crafted .cue file with an excessively long file path. Exploiting this could lead to system compromise, unauthorized control, or other malicious actions depending on the privileges of the affected application. [1]

Detection Guidance

This vulnerability can be detected by scanning for the presence of crafted .cue files with file path strings exceeding PATH_MAX_LENGTH in systems using the libretro-common library. You can search for suspicious .cue files with unusually long FILE path entries. For example, use commands like 'grep -r "FILE \".*\" BINARY" /path/to/cue/files | awk '{ if (length($2) > PATH_MAX_LENGTH) print $0 }'' to identify .cue files with excessively long file paths. Additionally, monitoring for crashes or abnormal behavior in applications using libretro-common when processing .cue files may indicate exploitation attempts. [1]

Mitigation Strategies

The immediate mitigation step is to apply the patch that restricts the memcpy size to PATH_MAX_LENGTH - 1 bytes and ensures the destination buffer is null-terminated to prevent overflow. Until a patched version is deployed, avoid processing untrusted or suspicious .cue files with potentially long file paths. Implement input validation to reject .cue files with file path strings exceeding the maximum allowed length. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9809. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart