CVE-2025-49589 MEDIUM

CVE-2025-49589: PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging

Vendor Pcsx2
Product pcsx2
Weakness CWE-121
Published June 12, 2025
Last update June 13, 2025

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:N/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Console Logging. This vulnerability is fixed in 2.3.414.

Key dates

02Disclosure timeline

June 12, 2025 CVE published
June 13, 2025 Record updated