Vulnerability Details CVE-2025-9136
A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 4.3
References
- https://github.com/libretro/RetroArch/pull/17555
- https://github.com/libretro/RetroArch/pull/17555#issuecomment-2651403849
- https://github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8
- https://github.com/libretro/RetroArch/releases/tag/v1.21.0
- https://vuldb.com/?ctiid.320516
- https://vuldb.com/?id.320516
- https://vuldb.com/?submit.617657
- https://vuldb.com/?submit.617657