CVE-2025-58750 · CRITICAL 9.1 · EPSS p19.5%


Description

rAthena is an open-source cross-platform massively multiplayer online role-playing game (MMORPG) server. Versions prior to commit 0cc348b are missing a bounds check in `chclif_parse_moveCharSlot`, which can result in out-of-bounds reads and writes using input from the user. The problem has been fixed in commit 0cc348b.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.28% probability of exploitation · percentile 19.5% · 2026-06-18T12:00:27Z
Published: 2025-09-09
Last modified: 2025-09-17

Underlying weaknesses · 3

CWE-119, CWE-125, CWE-787

References

  1. https://github.com/rathena/rathena/commit/0cc348b186bbcc3c604c17c39589a319f27d469b
  2. https://github.com/rathena/rathena/security/advisories/GHSA-pjh7-jgr8-4ff6


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Restriction of Operations within the Bounds of a Memory Buffer (cwe-119) | 0% | live |
| Weakness | Out-of-bounds Read (cwe-125) | 0% | live |
| Weakness | Out-of-bounds Write (cwe-787) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-58447, CVE-2025-58448, CVE-2025-1744, CVE-2025-1674, CVE-2026-22214, CVE-2025-33076

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.