CVE-2022-24125

Name of the Vulnerable Software and Affected Versions Dark Souls III versions through 2022-03-19

Description The matchmaking servers allow remote attackers to send arbitrary push requests to clients via a "RequestSendMessageToPlayers" request. This issue is restricted on the client side and can be bypassed with a modified client, potentially allowing the sending of push messages to hundreds of thousands of machines.

Recommendations For versions through 2022-03-19, as a temporary workaround, consider restricting access to the RequestSendMessageToPlayers request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.