CVE-2025-9809 — Vulnetix

CVE-2025-9809 PUBLISHED CVSS 8.399999618530273 HIGH

Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.

EPSS 0.82% · 74.7th percentile

Risk Scores

CVSS 4.0

8.399999618530273

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.82%

74.7th percentile

Affected Products

Vendor	Product	Versions
libretro	libretro-common	0

Exploit Intelligence

CIRCL seen: CVE-2025-9809 (circl-sighting)
https://github.com/libretro/libretro-common/blob/master/formats/cdfs/cdfs.c#L471 (circl)
https://github.com/libretro/libretro-common/issues/222 (circl)

Timeline

Sep 1, 2025 CVE Published
Sep 1, 2025 PoC Published
Sep 2, 2025 EPSS Score
Sep 3, 2025 CVE Updated
Sep 10, 2025 EPSS Score
Sep 17, 2025 EPSS Score
Sep 25, 2025 EPSS Score
Oct 2, 2025 EPSS Score
Oct 10, 2025 EPSS Score
Oct 18, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Nov 2, 2025 EPSS Score

References

Open in Interactive Console →