Impact
RetroDebugger is a debugger that accepts user-supplied input for memory inspection. An out-of-bounds read lets the debugger read memory locations outside the intended buffer, potentially exposing internal data or configuration information to the caller. The vulnerability is classified as CWE-125 (Out-of-bounds Read), which covers reads beyond the bounds of the intended buffer and can lead to unintended disclosure of confidential information.
Affected Systems
The flaw affects all releases of RetroDebugger before version 0.64.72. Users running any earlier version of the tool, regardless of the operating system, are at risk if the debugger is accessed by an adversary capable of crafting malicious inspection requests.
Risk and Exploitability
The CVSS score of 9.1 indicates a high severity rating, reflecting the potential for significant data exposure. No EPSS score is available, and the vulnerability is not yet listed in the CISA KEV catalog. Because the attack requires interacting with the debugger interface, the most likely vectors are local or remote access to the machine where the debugger is running, but the description does not explicitly state the required privilege level. The risk assessment therefore relies on the high severity score and the nature of the flaw rather than on documented exploitation evidence.