CVE-2025-68114 — MEDIUM (4.8)

Q: How severe is CVE-2025-68114?

CVE-2025-68114 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-68114?

Check the references section above for vendor advisories and patch information. Affected products include: Capstone-Engine Capstone.

Vulnerability Description

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Capstone-Engine	Capstone	< 6.0.0

Related Weaknesses (CWE)

CWE-120 CWE-124

References

FAQ

What is CVE-2025-68114?

CVE-2025-68114 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past th...

How severe is CVE-2025-68114?

CVE-2025-68114 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-68114?

Check the references section above for vendor advisories and patch information. Affected products include: Capstone-Engine Capstone.