CVE-2025-62170

EPSS 0.15%
Veröffentlicht 13.10.2025 17:45:21
Zuletzt bearbeitet 20.10.2025 17:25:25
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of service by crashing the map-server. This issue has been patched in commit af2f3ba. There are no known workarounds aside from manually applying the patch.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rathena ≫ Rathena Version < 2025-10-12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.356

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://github.com/rathena/rathena/security/advisories/GHSA-9mj9-8vgv-r92j

Vendor Advisory

https://github.com/rathena/rathena/commit/af2f3ba33fc03dc6dd510f8cfe84cd9185af748d

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-62170

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62170

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62170

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-62170