PT-2026-3485 · Unknown · Pterodactyl

Published 2026-01-19 · Updated 2026-02-02 · CVE-2025-69198

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Pterodactyl versions prior to 1.12.0

Description

Pterodactyl is a game server management panel that applies rate limits to resources like databases, port allocations, and backups on a per-server basis. In versions before 1.12.0, a malicious user could bypass these limits by sending a large number of requests simultaneously. The validation process doesn't lock resources during processing, allowing multiple requests to create resources exceeding the configured limits. This could lead to resource exhaustion for other users, excessive node allocation consumption, or rapid backup space filling. The issue arises from the timing of validation occurring before resource locking during the request cycle.

Recommendations

Update to Pterodactyl version 1.12.0 or later.
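
The validate-before-lock pattern from the description, next to a form that holds a lock across both validation and creation. This is an added illustration in Python, not Pterodactyl's code; Server, create_unlocked, create_locked, run and demo are hypothetical names, and the barrier is a constructed device that makes the interleaving deterministic.

```python
import threading
import time

class Server:
    """Toy model of one server with a per-server database limit (hypothetical)."""
    def __init__(self, limit):
        self.limit = limit
        self.databases = []
        self.lock = threading.Lock()

def create_unlocked(server, name, pause):
    # Pattern from the description: the limit is validated with no lock held.
    if len(server.databases) >= server.limit:
        return False
    pause()  # gap between validation and insert
    server.databases.append(name)
    return True

def create_locked(server, name, pause):
    # Hardened pattern: validation and insert form one critical section.
    with server.lock:
        if len(server.databases) >= server.limit:
            return False
        pause()  # same gap, but no other request can validate meanwhile
        server.databases.append(name)
        return True

def run(create, pause, requests, limit):
    """Issue `requests` concurrent create calls; return how many resources exist."""
    server = Server(limit)
    threads = [threading.Thread(target=create, args=(server, f"db{i}", pause))
               for i in range(requests)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(server.databases)

def demo(requests=8, limit=2):
    # Constructed device: the barrier holds every request in the gap until all
    # of them have passed validation, so the outcome does not depend on timing.
    barrier = threading.Barrier(requests)
    unlocked = run(create_unlocked, lambda: barrier.wait(timeout=5), requests, limit)
    locked = run(create_locked, lambda: time.sleep(0.001), requests, limit)
    return unlocked, locked

if __name__ == "__main__":
    print(demo())  # (8, 2): limit exceeded without the lock, enforced with it
```

In a database-backed application the same critical section is normally obtained with a transaction that locks the parent row before counting, rather than an in-process lock.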

Exploit

Fix

Resource Exhaustion

Improper Locking

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2025-69198
GHSA-JW2V-CQ5X-Q68G

Affected Products

Pterodactyl