PT-2026-1361 · Unknown · Pterodactyl

Published 2026-01-06 · Updated 2026-01-06 · CVE-2025-69197

CVSS v3.1 6.5 Medium
Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Pterodactyl versions 1.11.11 and below
Description Pterodactyl, a game server management panel, accepts a Time-based One-Time Password (TOTP) more than once during its validity window. When a user with two-factor authentication (2FA) enabled signs in, the system does not record the entered token as consumed. An attacker who has observed a valid TOTP token, for example during a screen share, and who already knows the username and password can therefore sign in repeatedly with that same token within its 60-second validity period.
Recommendations Update to version 1.12.0 or later.
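The mechanism behind this advisory, as an added illustration that is not Pterodactyl's own code (the panel is written in PHP; this is a stand-alone Python model). It assumes a 30-second TOTP step with one step of clock drift accepted on either side, and uses the RFC 4226/6238 test-vector secret as a constructed sample key. The stateless verifier mirrors the flaw: nothing records that a code was consumed, so the same code is accepted again a few seconds later. The replay-safe verifier applies the RFC 6238 section 5.2 recommendation of remembering the last accepted time step per user and refusing anything at or below it.

```python
"""TOTP replay within the validity window: stateless check vs. last-step tracking."""
import hashlib
import hmac
import struct

# Constructed sample secret (the RFC 4226 / RFC 6238 test-vector key), not a real user's key.
SAMPLE_SECRET = b"12345678901234567890"
STEP_SECONDS = 30   # assumption: 30-second time step
DRIFT_STEPS = 1     # assumption: accept one step either side to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp_at(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """TOTP per RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


def _matching_step(secret: bytes, code: str, unix_time: int):
    """Return the time step within the drift window whose code matches, or None."""
    current = unix_time // STEP_SECONDS
    for step in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
        if hmac.compare_digest(hotp(secret, step), code):
            return step
    return None


class StatelessVerifier:
    """Models the flaw in the advisory: a valid code is accepted every time it is presented."""

    def verify(self, user: str, secret: bytes, code: str, unix_time: int) -> bool:
        return _matching_step(secret, code, unix_time) is not None


class ReplaySafeVerifier:
    """Remembers the highest accepted step per user; any step at or below it is a replay."""

    def __init__(self) -> None:
        self._last_step: dict[str, int] = {}

    def verify(self, user: str, secret: bytes, code: str, unix_time: int) -> bool:
        step = _matching_step(secret, code, unix_time)
        if step is None:
            return False
        if step <= self._last_step.get(user, -1):
            return False  # same or older code than one already consumed: reject
        self._last_step[user] = step
        return True


def demo() -> dict:
    """Present one code twice, 20 seconds apart, to both verifiers (hypothetical user 'alice')."""
    now = 1_700_000_000
    code = totp_at(SAMPLE_SECRET, now)
    stateless, safe = StatelessVerifier(), ReplaySafeVerifier()
    return {
        "stateless_first": stateless.verify("alice", SAMPLE_SECRET, code, now),
        "stateless_replay": stateless.verify("alice", SAMPLE_SECRET, code, now + 20),
        "safe_first": safe.verify("alice", SAMPLE_SECRET, code, now),
        "safe_replay": safe.verify("alice", SAMPLE_SECRET, code, now + 20),
        # A fresh code for the next step is still accepted by the replay-safe verifier.
        "safe_next_code": safe.verify(
            "alice", SAMPLE_SECRET, totp_at(SAMPLE_SECRET, now + STEP_SECONDS), now + STEP_SECONDS
        ),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The replay-safe variant also refuses a second legitimate login with the same code inside the window; that is the intended trade-off, and the user simply waits for the next code. In a real deployment the last accepted step must live in persistent, shared storage (database or cache) rather than process memory, otherwise a multi-worker panel would lose the state between requests.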

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2025-69197
GHSA-RGMP-4873-R683

Affected Products

Pterodactyl