CVE-2025-9136

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.

CVSS v3 5.3 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 3.1 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/libretro/RetroArch/pull/17555	Issue Tracking Patch
https://github.com/libretro/RetroArch/pull/17555#issuecomment-2651403849	Issue Tracking Patch
https://github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8	Patch
https://github.com/libretro/RetroArch/releases/tag/v1.21.0	Release Notes
https://vuldb.com/?ctiid.320516	Permissions Required VDB Entry
https://vuldb.com/?id.320516	Third Party Advisory VDB Entry
https://vuldb.com/?submit.617657	Third Party Advisory VDB Entry
https://vuldb.com/?submit.617657	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:libretro:retroarch:1.18.0:::::::*
	cpe:2.3:a:libretro:retroarch:1.19.0:::::::*
	cpe:2.3:a:libretro:retroarch:1.20.0:::::::*

History

No history.

Information

Published : 2025-08-19 12:15

Updated : 2025-09-12 14:55

NVD link : CVE-2025-9136

Mitre link : CVE-2025-9136

CVE.ORG link : CVE-2025-9136

JSON object : View

Products Affected

libretro

retroarch

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-9136", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-19T12:15:27.390", "references": [{"url": "https://github.com/libretro/RetroArch/pull/17555", "tags": ["Issue Tracking", "Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/libretro/RetroArch/pull/17555#issuecomment-2651403849", "tags": ["Issue Tracking", "Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8", "tags": ["Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/libretro/RetroArch/releases/tag/v1.21.0", "tags": ["Release Notes"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.320516", "tags": ["Permissions Required", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.320516", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.617657", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.617657", "tags": ["Third Party Advisory", "VDB Entry"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se ha encontrado una falla en libretro RetroArch 1.18.0/1.19.0/1.20.0. Esta afecta a la funci\u00f3n filestream_vscanf del archivo libretro-common/streams/file_stream.c. Esta manipulaci\u00f3n provoca lecturas fuera de los l\u00edmites. El ataque debe ejecutarse localmente. Actualizar a la versi\u00f3n 1.21.0 mitiga este problema. Se recomienda actualizar el componente afectado."}], "lastModified": "2025-09-12T14:55:08.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libretro:retroarch:1.18.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2D806E4-6774-48B5-826B-D1A738FFE96F"}, {"criteria": "cpe:2.3:a:libretro:retroarch:1.19.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8E5834C-1FEA-42DC-A227-C0BD70E5B04D"}, {"criteria": "cpe:2.3:a:libretro:retroarch:1.20.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0125AD73-FE45-409B-A5BC-B95AC62372DC"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}