CVE-2025-68114: Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow

Overview

Severity

Medium (CVSS 4.8)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Exploit Status

Not Exploited

Patch Tuesday

2025-Dec

Released

2025-12-21

Last Updated

2026-03-04

EPSS Score

0.04% (percentile: 11.0%)

Affected Products (6)

Open Source Software

• cbl2 qemu 6.2.0-26 on CBL Mariner 2.0

Other

• 20744-17084
• 20822-17084
• 20864-17084
• 20865-17084
• 20964-17084

Revision History

• 2025-12-21: Information published.
• 2025-12-23: Information published.
• 2026-01-13: Information published.
• 2026-01-20: Information published.
• 2026-02-18: Information published.
• 2026-03-04: Information published.