PT-2025-36991 · Athena · Rathena
Ramadhanamizudin · Published 2025-09-09 · Updated 2025-09-17 · CVE-2025-58447
CVSS v3.1: 9.8 Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
rAthena versions prior to commit 2f5248b
Description:
rAthena is an open-source, cross-platform massively multiplayer online role-playing game (MMORPG) server. A heap-based buffer overflow exists in its login server: a crafted CA SSO LOGIN REQ packet carrying an oversized token length causes the server to write past the token buffer and overwrite adjacent session fields. The immediate impact is a denial of service (crash); because the overwrite corrupts heap memory, remote code execution may also be possible. The vulnerability is triggered by the CA SSO LOGIN REQ packet and depends on the token length field exceeding the space reserved for it.
Recommendations:
Update to commit 2f5248b or later.
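The defect class above is a length field taken from the client and used to size a copy into a fixed buffer. The following is an added example written for this advisory, not rAthena's own code and not its real packet layout: it uses a hypothetical `[u16 packet_len][u16 token_len][token...]` header and a hypothetical `struct session`, and shows the checks a parser needs before copying the token. The unchecked pattern is shown only in a comment for contrast; the compiled parser rejects a token length that exceeds either the bytes actually received or the destination buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout used for this example (NOT rAthena's real
 * CA_SSO_LOGIN_REQ format):
 *   [u16 packet_len LE][u16 token_len LE][token bytes ...]
 */
#define HDR_SIZE       4
#define TOKEN_BUF_SIZE 64

/* Hypothetical session state: a fixed-size token buffer followed by
 * another field. An unchecked copy past token[] would land in account_id,
 * which is the "adjacent session field" overwrite the advisory describes. */
struct session {
    char     token[TOKEN_BUF_SIZE];
    uint32_t account_id;
};

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Unsafe pattern (for contrast only, deliberately not compiled): trusting
 * token_len from the packet and copying straight into the fixed buffer.
 *     memcpy(s->token, pkt + HDR_SIZE, token_len);   // no bound check
 */

/* Hardened parser: returns 0 on success, -1 if the packet is rejected.
 * Every length that comes from the client is checked against something
 * the server controls before any copy happens. */
int parse_sso_login(const uint8_t *pkt, size_t received, struct session *s)
{
    if (received < HDR_SIZE)
        return -1;                              /* header incomplete */

    uint16_t packet_len = rd16(pkt);
    uint16_t token_len  = rd16(pkt + 2);

    if (packet_len > received)
        return -1;                              /* claims more than arrived */
    if (packet_len < HDR_SIZE)
        return -1;                              /* nonsense header */
    if ((size_t)token_len > (size_t)packet_len - HDR_SIZE)
        return -1;                              /* token exceeds packet body */
    if (token_len >= TOKEN_BUF_SIZE)
        return -1;                              /* token exceeds buffer (+NUL) */

    memcpy(s->token, pkt + HDR_SIZE, token_len);
    s->token[token_len] = '\0';
    return 0;
}

/* Build a constructed test packet with an arbitrary header claim and
 * body_bytes bytes of 'A' as the token. Returns the number of bytes
 * written, i.e. what the server would actually have received. */
size_t build_packet(uint8_t *out, size_t cap, uint16_t packet_len,
                    uint16_t token_len, size_t body_bytes)
{
    if (cap < HDR_SIZE)
        return 0;
    if (body_bytes > cap - HDR_SIZE)
        body_bytes = cap - HDR_SIZE;
    out[0] = (uint8_t)(packet_len & 0xff);
    out[1] = (uint8_t)(packet_len >> 8);
    out[2] = (uint8_t)(token_len & 0xff);
    out[3] = (uint8_t)(token_len >> 8);
    memset(out + HDR_SIZE, 'A', body_bytes);
    return HDR_SIZE + body_bytes;
}

int main(void)
{
    uint8_t pkt[256];
    struct session s = { {0}, 0x11223344u };

    /* Constructed packet: 16-byte token, header claims a 200-byte token. */
    size_t n = build_packet(pkt, sizeof pkt, 20, 200, 16);
    int rc = parse_sso_login(pkt, n, &s);
    printf("oversized token_len: rc=%d account_id=0x%08x\n", rc, s.account_id);
    return rc == -1 ? 0 : 1;
}
```

The three comparisons that matter are against `received` (what the socket delivered), against `packet_len - HDR_SIZE` (what the header itself admits the body holds) and against `TOKEN_BUF_SIZE` (what the destination can hold); a parser that checks only one of them is still overflowable through the other two.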
Exploit
Fix
DoS
RCE
Memory Corruption
Heap Based Buffer Overflow
Affected Products: Rathena