CVE-2025-49589

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

CVSS

No CVSS.

References

Link	Resource
https://github.com/PCSX2/pcsx2/pull/12823
https://github.com/PCSX2/pcsx2/pull/12826
https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35

Configurations

No configuration.

History

16 Jun 2025, 12:32

Type	Values Removed	Values Added
Summary		(es) PCSX2 es un emulador gratuito y de código abierto de PlayStation 2 (PS2). Existe un desbordamiento de búfer basado en pila en la función Kprintf_HLE de las versiones de PCSX2 hasta la 2.3.414. Abrir una imagen de disco que registra un mensaje especialmente manipulado podría permitir que un atacante remoto ejecute código arbitrario si el usuario habilitó el registro de consola IOP. Esta vulnerabilidad se corrigió en la versión 2.3.414.

12 Jun 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-12 21:15

Updated : 2025-06-16 12:32

NVD link : CVE-2025-49589

Mitre link : CVE-2025-49589

CVE.ORG link : CVE-2025-49589

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-49589", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.1, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-12T21:15:21.480", "references": [{"url": "https://github.com/PCSX2/pcsx2/pull/12823", "source": "security-advisories@github.com"}, {"url": "https://github.com/PCSX2/pcsx2/pull/12826", "source": "security-advisories@github.com"}, {"url": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414."}, {"lang": "es", "value": "PCSX2 es un emulador gratuito y de c\u00f3digo abierto de PlayStation 2 (PS2). Existe un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n Kprintf_HLE de las versiones de PCSX2 hasta la 2.3.414. Abrir una imagen de disco que registra un mensaje especialmente manipulado podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario si el usuario habilit\u00f3 el registro de consola IOP. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.3.414."}], "lastModified": "2025-06-16T12:32:18.840", "sourceIdentifier": "security-advisories@github.com"}