SB2025102948 - Remote code execution in Mupen64Plus
Published: October 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Integer overflow (CVE-ID: CVE-2025-9688)
The vulnerability allows a malicious guest to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the write_is_viewer() function in src/device/cart/is_viewer.c. A malicious guest can trigger an integer overflow and execute arbitrary code on the target system.
2) Buffer overflow (CVE-ID: CVE-2025-29366)
The vulnerability allows a malicious guest to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the write_rdram_regs() and write_rdram_regs() functions. A malicious guest can trigger memory corruption and execute arbitrary code on the host machine.
Remediation
Install update from vendor's website.
References
- https://github.com/Giles-one/mupen64plusEscape/tree/main/BUG10
- https://github.com/mupen64plus/mupen64plus-core/commit/3984137fc0c44110f1ef876adb008885b05a6e18
- https://vuldb.com/?id.321900
- https://vuldb.com/?submit.638592
- https://gist.github.com/Giles-one/f4ea405c2a26000bb4ff4cfb9622be49
- https://github.com/Giles-one/mupen64plusEscape/tree/main/BUG1
- https://github.com/mupen64plus/mupen64plus-core/blob/2.6.0/src/device/rdram/rdram.c#L159
- https://github.com/mupen64plus/mupen64plus-core/blob/master/src/device/rdram/rdram.h#L50
- https://github.com/mupen64plus/mupen64plus-core/blob/master/src/device/rdram/rdram.h#L60