CVE-2025-67749
Unknown Unknown - Not Provided
Out-of-Bounds Read in PCSX2 CDVD Handlers via Crafted ELF

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: GitHub, Inc.

Description
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-12-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67749
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pcsx2 pcsx2 2.5.377
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in PCSX2 versions 2.5.377 and below involves an unchecked offset and size used in a memcpy operation within the CDVD SCMD 0x91 and SCMD 0x8F handlers. A specially crafted disc image or ELF file can exploit this to cause an out-of-bounds read from the emulator's memory. Specifically, the offset and size are controlled through MG header fields, allowing the crafted ELF to read data beyond the bounds of the mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.

Impact Analysis

The vulnerability can lead to an out-of-bounds read from the emulator's memory, potentially exposing sensitive data from the emulator's memory space. This could allow an attacker to access information they should not have access to, possibly leading to information disclosure or other security issues within the emulated environment.

Mitigation Strategies

Update PCSX2 to version 2.5.378 or later, as this version contains the fix for the vulnerability involving unchecked memcpy operations in CDVD SCMD 0x91 and SCMD 0x8F handlers.

Detection Guidance

This vulnerability is specific to the PCSX2 emulator's handling of specially crafted disc images or ELF files that cause out-of-bounds reads in memory. Detection involves monitoring or analyzing the use of PCSX2 versions 2.5.377 and below, especially when loading untrusted or malicious disc images or ELF files. Since the issue arises from unsafe memcpy operations in the cdvdWrite16 function triggered by SCMD commands 0x91 and 0x8F, one way to detect exploitation attempts is to monitor PCSX2 logs or debug output for abnormal memory access or crashes related to these commands. There are no specific network commands or system commands provided in the resources to detect this vulnerability directly. Users are advised to update to version 2.5.378 where the issue is fixed and avoid running untrusted homebrew software. For detection, one could use debugging tools or memory analysis tools to trace calls to cdvdWrite16 and check for out-of-bounds memory reads, but no explicit commands are given in the resources. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67749. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart