CVE-2025-58447
CRITICALDescription
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted `CA_SSO_LOGIN_REQ` with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| rathena | rathena |
References
Frequently Asked Questions
What is CVE-2025-58447? +
How severe is CVE-2025-58447? +
What products are affected by CVE-2025-58447? +
How do I check if I'm vulnerable to CVE-2025-58447? +
Related Vulnerabilities
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This …
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for …
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. …
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from …
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to …