Out-of-Bounds Read Flaw in libretro RetroArch 1.18.0 to 1.20.0
CVE-2025-9136

4.8 MEDIUM

Key Information:

Vendor: Libretro

Status
Vendor
CVE Published: 19 August 2025

What is CVE-2025-9136?

An out-of-bounds read vulnerability has been identified in libretro RetroArch versions 1.18.0 through 1.20.0, in the filestream_vscanf function in libretro-common/streams/file_stream.c. Exploitation requires local access. Upgrading to version 1.21.0 is strongly recommended to address this issue.

Affected Version(s)

RetroArch 1.18.0

RetroArch 1.19.0

RetroArch 1.20.0

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Simcha Kosman
simkca (VulDB User)