CVE-2025-58447CRITICAL 9.8EPSS p52.4%

CVE-2025-58447CVE-2025-58447

Description

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted `CA_SSO_LOGIN_REQ` with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.82% probability of exploitation · percentile 52.4% · 2026-06-19T12:03:05Z
Published2025-09-09
Last modified2025-09-17

Underlying weaknesses· 2

CWE-122CWE-787

References

  1. https://github.com/rathena/rathena/commit/2f5248b9cd9a8c6b42422ddecfc4cc2cd0e69e4b
  2. https://github.com/rathena/rathena/security/advisories/GHSA-4p33-6xqr-cm6x

2

TypeTargetConfidenceTier
WeaknessHeap-based Buffer Overflowcwe-1220%live
WeaknessOut-of-bounds Writecwe-7870%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-58750
CVE
CVE-2025-58448
CVE
CVE-2026-5260
CVE
CVE-2025-1744
CVE
CVE-2025-24051
CVE
CVE-2025-62452
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.