{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-49589", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-06-06T15:44:21.556Z", "datePublished": "2025-06-12T20:56:38.711Z", "dateUpdated": "2025-06-13T14:07:14.750Z"}, "containers": {"cna": {"title": "PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging", "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "lang": "en", "description": "CWE-121: Stack-based Buffer Overflow", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35"}, {"name": "https://github.com/PCSX2/pcsx2/pull/12823", "tags": ["x_refsource_MISC"], "url": "https://github.com/PCSX2/pcsx2/pull/12823"}, {"name": "https://github.com/PCSX2/pcsx2/pull/12826", "tags": ["x_refsource_MISC"], "url": "https://github.com/PCSX2/pcsx2/pull/12826"}], "affected": [{"vendor": "PCSX2", "product": "pcsx2", "versions": [{"version": "< 2.3.414", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-12T20:56:38.711Z"}, "descriptions": [{"lang": "en", "value": "PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414."}], "source": {"advisory": "GHSA-f494-4xf7-xj35", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T14:06:48.902688Z", "id": "CVE-2025-49589", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:07:14.750Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-49589", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-13T14:06:48.902688Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:06:54.713Z"}}], "cna": {"title": "PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging", "source": {"advisory": "GHSA-f494-4xf7-xj35", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "PCSX2", "product": "pcsx2", "versions": [{"status": "affected", "version": "< 2.3.414"}]}], "references": [{"url": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35", "name": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/PCSX2/pcsx2/pull/12823", "name": "https://github.com/PCSX2/pcsx2/pull/12823", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/PCSX2/pcsx2/pull/12826", "name": "https://github.com/PCSX2/pcsx2/pull/12826", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-06-12T20:56:38.711Z"}}}, "cveMetadata": {"cveId": "CVE-2025-49589", "state": "PUBLISHED", "dateUpdated": "2025-06-13T14:07:14.750Z", "dateReserved": "2025-06-06T15:44:21.556Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-06-12T20:56:38.711Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414."}, {"lang": "es", "value": "PCSX2 es un emulador gratuito y de c\u00f3digo abierto de PlayStation 2 (PS2). Existe un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n Kprintf_HLE de las versiones de PCSX2 hasta la 2.3.414. Abrir una imagen de disco que registra un mensaje especialmente manipulado podr\u00eda permitir que un atacante remoto ejecute c\u00f3digo arbitrario si el usuario habilit\u00f3 el registro de consola IOP. Esta vulnerabilidad se corrigi\u00f3 en la versi\u00f3n 2.3.414."}], "id": "CVE-2025-49589", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-12T21:15:21.480", "references": [{"source": "[email protected]", "url": "https://github.com/PCSX2/pcsx2/pull/12823"}, {"source": "[email protected]", "url": "https://github.com/PCSX2/pcsx2/pull/12826"}, {"source": "[email protected]", "url": "https://github.com/PCSX2/pcsx2/security/advisories/GHSA-f494-4xf7-xj35"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "[email protected]", "type": "Primary"}]}

{}