Medium severity6.4NVD Advisory· Published Mar 23, 2025· Updated Apr 15, 2026

CVE-2018-25109

Description

A vulnerability has been found in Nintendo Animal Crossing, Doubutsu no Mori+ and Doubutsu no Mori e+ 1.00/1.01 on GameCube and classified as critical. Affected by this vulnerability is an unknown functionality of the component Letter Trigram Handler. The manipulation leads to memory corruption. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Memory corruption vulnerability in Animal Crossing's letter trigram handler allows potential code execution through crafted letters.

Vulnerability

Analysis The vulnerability affects the letter trigram handler, a component that checks the first three characters of words in letters sent to villagers. The game maintains lookup tables for each letter of the alphabet to validate trigrams. A flaw in this handler can cause memory corruption when processing specially crafted letter content [2].

Exploitation

Exploiting this vulnerability requires an attacker with physical access to a GameCube console and the ability to send a malicious letter to a villager. The attack complexity is high, as the exact conditions to trigger the memory corruption are specific and require careful construction of the letter's text. The exploit has been publicly disclosed, making it accessible to potential attackers.

Impact

Successful exploitation can lead to memory corruption, potentially allowing an attacker to execute arbitrary code within the game's memory space. This could enable the attacker to gain full control over the game's execution, including the ability to load custom code from a memory card.

Mitigation

As of the publication date, no official patch has been released by Nintendo, and the game is no longer supported. Users are advised to be cautious when opening letters in-game and avoid using untrusted memory cards.

References

Exploring Animal Crossing’s Bugged Trigram Check

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Nintendo/Animal Crossingllm-create
Range: 1.00/1.01
Nintendo/Doubutsu no Mori+llm-create
Range: 1.00/1.01

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.416
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000