CVE-2025-34449CRITICAL 9.1EPSS p26.3%

CVE-2025-34449CVE-2025-34449

Description

Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.

Scoring

CVSS 3.19.1 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS0.34% probability of exploitation · percentile 26.3% · 2026-06-18T12:00:27Z
Published2025-12-18
Last modified2026-01-03

Underlying weaknesses· 1

CWE-502

References

  1. https://github.com/Genymobile/scrcpy/commit/3e40b24
  2. https://github.com/Genymobile/scrcpy/issues/6415
  3. https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-003-scrcpy-global-buffer-overflow.md
  4. https://www.vulncheck.com/advisories/genymobile-scrcpy-global-buffer-overflow
  5. https://github.com/marlinkcyber/advisories/blob/main/advisories/MCSAID-2025-003-scrcpy-global-buffer-overflow.md

1

TypeTargetConfidenceTier
WeaknessDeserialization of Untrusted Datacwe-5020%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-34468
CVE
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
CVE
CVE-2025-23099
CVE
CVE-2025-23103
CVE
CVE-2025-23107
CVE
CVE-2025-53966
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.