QwikSec

Security Database

CVE

CWE

Training

CVE-2025-9136

Published: Aug 19, 2025

Modified: Aug 19, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.

Vendor	Product	Versions
libretro	RetroArch	affected `1.18.0` affected `1.19.0` affected `1.20.0` unaffected `1.21.0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-320516 | libretro RetroArch file_stream.c filestream_vscanf out-of-bounds

vdb-entry

technical-description

VDB-320516 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #617657 | libretro RetroArch v1.20.0/v1.19.0/v1.18.0 Out-of-Bounds Read

third-party-advisory

https://github.com/libretro/RetroArch/pull/17555

issue-tracking

https://github.com/libretro/RetroArch/pull/17555#issuecomment-2651403849

issue-tracking

https://github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ec35a2f0a5889c88e8

issue-tracking

patch

https://github.com/libretro/RetroArch/releases/tag/v1.21.0

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.