CVE-2025-9688: 
Linux Debian vulnerability analysis and mitigation

A security vulnerability (CVE-2025-9688) has been identified in Mupen64Plus versions up to 2.6.0, specifically in the writeisviewer function located in src/device/cart/is_viewer.c. The vulnerability was disclosed on August 30, 2025, and involves an integer overflow condition that can be exploited remotely (NVD).

The vulnerability is characterized by an integer overflow condition in the writeisviewer function. According to the CVSS scoring, it has received a CVSS v4.0 score of 2.3 (LOW) with the vector string CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P, and a CVSS v3.1 score of 5.0 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound) and CWE-189 (Numeric Errors) (NVD).

The vulnerability has low to medium severity impact across confidentiality, integrity, and availability. The CVSS scores indicate that while the vulnerability can be exploited remotely, it requires high attack complexity and user interaction, resulting in limited potential impact (NVD).

The vendor was contacted regarding this vulnerability but did not respond. No official patches or mitigations have been published at this time (NVD).