CVE-2025-68114 — Vulnetix

CVE-2025-68114 PUBLISHED CVSS 4.800000190734863 MEDIUM

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, an unchecked vsnprintf return in SStream_concat lets a malicious cs_opt_mem.vsnprintf drive SStream’s index negative or past the end, leading to a stack buffer underflow/overflow when the next write occurs. Commit 2c7797182a1618be12017d7d41e0b6581d5d529e fixes the issue.

EPSS 0.04% · 11.6th percentile

Risk Scores

CVSS v3.1

4.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

EPSS Score

0.04%

11.6th percentile

Affected Products

Vendor	Product	Versions
capstone-engine	capstone	<= 6.0.0-Alpha5, 0, 6.0.0

Timeline

Dec 15, 2025 CVE ID Reserved
Dec 17, 2025 CVE Published
Dec 18, 2025 EPSS Score
Dec 18, 2025 CVE Updated
Dec 22, 2025 EPSS Score
Dec 26, 2025 EPSS Score
Dec 30, 2025 EPSS Score
Jan 2, 2026 EPSS Score
Jan 6, 2026 EPSS Score
Jan 8, 2026 PoC Published
Jan 8, 2026 PoC Published
Jan 8, 2026 PoC Published

References

https://github.com/capstone-engine/capstone/security/advisories/GHSA-85f5-6xr3-q76r url
https://github.com/capstone-engine/capstone/commit/2c7797182a1618be12017d7d41e0b6581d5d529e url

Open in Interactive Console →