Detections
Analytics

CVE-2025-9688

low

Description

A security vulnerability has been detected in Mupen64Plus up to 2.6.0. The affected element is the function write_is_viewer of the file src/device/cart/is_viewer.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used. The identifier of the patch is 3984137fc0c44110f1ef876adb008885b05a6e18. To fix this issue, it is recommended to deploy a patch.

References

https://vuldb.com/?submit.638592

https://vuldb.com/?id.321900

https://vuldb.com/?ctiid.321900

https://github.com/mupen64plus/mupen64plus-core/commit/3984137fc0c44110f1ef876adb008885b05a6e18

https://github.com/Giles-one/mupen64plusEscape/tree/main/BUG10

Details

Source: Mitre, NVD

Published: 2025-08-30

Updated: 2025-09-02

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 2.3

Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Low

EPSS

EPSS: 0.00033