What is the CVSS score of CVE-2025-58447?

CVE-2025-58447 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Rathena are affected by CVE-2025-58447?

Organizations using rAthena face critical risk from CVE-2025-58447, a heap-based buffer overflow vulnerability rated CVSS 9.8.. A patch is available.

How to fix or mitigate CVE-2025-58447?

Within 7 days: Identify all affected systems and apply vendor patches promptly. If patching is delayed, consider network segmentation to limit exposure.

Rathena CVE-2025-58447

CRITICAL

Heap-based Buffer Overflow (CWE-122)

2025-09-09 security-advisories@github.com

RCE Buffer Overflow Denial Of Service Heap Overflow Rathena

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:11 vuln.today

Patch released

Mar 28, 2026 - 19:11 nvd

Patch available

CVE Published

Sep 09, 2025 - 23:15 nvd

CRITICAL 9.8

DescriptionNVD

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted CA_SSO_LOGIN_REQ with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue.

AnalysisAI

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-122. rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, remote attacker to overwrite adjacent session fields by sending a crafted CA_SSO_LOGIN_REQ with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue. Affected products include: Rathena.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-58447 vulnerability details – vuln.today

Back

Rathena CVE-2025-58447

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code