CVE-2025-61043

CRITICAL EPSS 33.6%

Published Oct 28, 20258mo ago · Modified Jun 17, 20261w ago

9.1 CVSS 3.1

Critical

Published Oct 28, 2025 8mo ago

Last Modified Jun 17, 2026 1w ago

Description

An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data.

CVSS Details

Base Score

9.1

Exploitability

3.9

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

33.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

References 1

tzh00203.notion.site https://tzh00203.notion.site/Monkey-s-Audio-Out-of-Bounds-Read-Vulnerability-Report-version-11-31-249b5c52018a80739852d0d9660994c9?source=copy_link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.