CVE-2025-0459

Name

CVE-2025-0459

Description

A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
signature	https://vuldb.com/?ctiid.291476
vdb-entry	https://vuldb.com/?id.291476
third-party-advisory	https://vuldb.com/?submit.474011

CPE URI	Source package	Min version	Max version
	retroarch	== 1.19.0	== 1.19.0
	retroarch	== 1.19.1	== 1.19.1

Source package	Branch	Version	Maintainer	Status
retroarch	edge-community	1.19.1-r0	David Demelier <markand@malikania.fr>	possibly vulnerable
retroarch	3.22-community	1.19.1-r0	David Demelier <markand@malikania.fr>	possibly vulnerable

References

Match rules

Vulnerable and fixed packages