Out-of-Bounds Read Vulnerability in PCSX2 PlayStation 2 Emulator
CVE-2025-67749
5.3 MEDIUM
What is CVE-2025-67749?
The vulnerability in PCSX2 arises from an unchecked offset and size in its CDVD SCMD 0x91 and SCMD 0x8F handlers. A specially crafted disc image or ELF can use this flaw to cause an out-of-bounds read from the emulator's memory. Because the read is controlled through MG header fields, an attacker can retrieve data from outside the intended memory bounds, which can lead to information disclosure or further exploitation within the emulated environment. The issue is fixed in PCSX2 version 2.5.378.
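The class of bug described above, as an added example that is not PCSX2's code or its fix: a copy driven by header-supplied offset and size, next to a form that validates both before reading. The struct layout, buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names and sizes below are hypothetical, not taken from PCSX2. */
#define MG_BUF_SIZE 0x4000u

typedef struct {
    uint8_t  data[MG_BUF_SIZE]; /* filled from the disc image or ELF */
    uint32_t len;               /* number of valid bytes in data */
} mg_buffer;

typedef struct {                /* fields parsed from untrusted input */
    uint32_t offset;
    uint32_t size;
} mg_fields;

/* The pattern the advisory describes: offset and size used as given. */
void copy_unchecked(const mg_buffer *src, const mg_fields *h, uint8_t *out)
{
    memcpy(out, src->data + h->offset, h->size); /* can read past data[] */
}

/* Hardened form: returns 0 on success, -1 if the request is rejected. */
int copy_checked(const mg_buffer *src, const mg_fields *h,
                 uint8_t *out, size_t out_cap)
{
    if (src->len > MG_BUF_SIZE) return -1;          /* corrupt length */
    if (h->offset > src->len) return -1;            /* start is outside */
    /* Compare by subtraction: offset + size can wrap around in 32 bits. */
    if (h->size > src->len - h->offset) return -1;  /* end is outside */
    if (h->size > out_cap) return -1;               /* destination too small */
    memcpy(out, src->data + h->offset, h->size);
    return 0;
}

/* Constructed scenario: 0x100 valid bytes, 64-byte destination. */
int demo_check(uint32_t offset, uint32_t size)
{
    static mg_buffer src;       /* zero-initialised */
    uint8_t out[64];
    mg_fields h = { offset, size };
    src.len = 0x100;
    return copy_checked(&src, &h, out, sizeof out);
}
```

A check written as `offset + size <= len` would accept an offset of 0x10 with a size of 0xFFFFFFF8, because the 32-bit sum wraps to 8; the subtraction form rejects it.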
Affected Version(s)
pcsx2 < 2.5.378
