CVE-2025-67749
📋 TL;DR
This vulnerability in PCSX2 allows specially crafted PlayStation 2 disc images or ELF files to trigger an out-of-bounds memory read. Attackers could potentially leak sensitive data from the emulator's memory. Users running PCSX2 versions 2.5.377 and below are affected.
💻 Affected Systems
- PCSX2
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could read sensitive data from the emulator's memory, potentially exposing system information, saved credentials, or other confidential data being processed by the emulator.
Likely Case
Information disclosure where attackers can read arbitrary memory contents from the PCSX2 process, potentially exposing game saves, configuration data, or other emulator state information.
If Mitigated
Limited information disclosure restricted to the emulator's memory space, with no direct system compromise or privilege escalation.
🎯 Exploit Status
Exploitation requires the victim to load a specially crafted disc image or ELF file into the emulator.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.5.378
Vendor Advisory: https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w
Restart Required: Yes
Instructions:
1. Download PCSX2 version 2.5.378 or later from https://github.com/PCSX2/pcsx2/releases/tag/v2.5.378
2. Install the new version following your operating system's installation procedures
3. Restart PCSX2 to ensure the patch is active
🔧 Temporary Workarounds
Avoid untrusted disc images
allOnly use verified, legitimate PlayStation 2 disc images from trusted sources
Run in sandboxed environment
allRun PCSX2 in a sandbox or virtual machine to limit potential impact of memory disclosure
🧯 If You Can't Patch
- Only run PCSX2 with disc images from trusted, legitimate sources
- Consider using alternative PlayStation 2 emulators that are not affected by this vulnerability
🔍 How to Verify
Check if Vulnerable:
Check PCSX2 version in Help → About menu. If version is 2.5.377 or below, you are vulnerable.Check Version:
On Windows: Check Help → About menu. On Linux: Run 'pcsx2 --version' if available, or check About menu.Verify Fix Applied:
After updating, verify version shows 2.5.378 or higher in Help → About menu.📡 Detection & Monitoring
Log Indicators:
- Unusual memory access patterns in PCSX2 logs
- Crashes or unexpected behavior when loading disc images
Network Indicators:
- No network indicators - this is a local file execution vulnerability
SIEM Query:
Process execution of PCSX2 with suspicious file parameters or unexpected memory access patterns