CVE-2025-9136 — MEDIUM (5.3)

Vulnerability Description

A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Libretro	Retroarch	1.18.0

Related Weaknesses (CWE)

CWE-119 CWE-125

References

https://github.com/libretro/RetroArch/pull/17555Issue TrackingPatch
https://github.com/libretro/RetroArch/pull/17555#issuecomment-2651403849Issue TrackingPatch
https://github.com/libretro/RetroArch/pull/17555/commits/6446f045ec7fc6a5cac3e8ePatch
https://github.com/libretro/RetroArch/releases/tag/v1.21.0Release Notes
https://vuldb.com/?ctiid.320516Permissions RequiredVDB Entry
https://vuldb.com/?id.320516Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.617657Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.617657Third Party AdvisoryVDB Entry

FAQ

What is CVE-2025-9136?

CVE-2025-9136 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds ...

How severe is CVE-2025-9136?

CVE-2025-9136 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-9136?

Check the references section above for vendor advisories and patch information. Affected products include: Libretro Retroarch.