CVE-2025-54065
📋 TL;DR
CVE-2025-54065 is a critical memory corruption vulnerability in GZDoom that allows arbitrary code execution through crafted ZScript actor state handling. Attackers can manipulate FState and VMFunction structures to execute malicious bytecode. This affects all users running GZDoom versions 4.14.2 and earlier.
💻 Affected Systems
- GZDoom
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary code execution, potentially leading to malware installation, data theft, or ransomware deployment.
Likely Case
Game crashes, save file corruption, or remote code execution when loading malicious game mods or maps from untrusted sources.
If Mitigated
Limited to denial of service if execution is constrained by sandboxing or privilege restrictions.
🎯 Exploit Status
Exploitation requires loading malicious ZScript content, which could be embedded in game mods, maps, or save files. No authentication is required once malicious content is loaded.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.14.3 and later
Vendor Advisory: https://github.com/ZDoom/gzdoom/security/advisories/GHSA-prhc-chfw-32jg
Restart Required: Yes
Instructions:
1. Download GZDoom 4.14.3 or later from official sources.
2. Replace existing installation with new version.
3. Restart the application.
🔧 Temporary Workarounds
Disable ZScript Loading
Platform: all
Prevent loading of ZScript content, which is required for exploitation
Not applicable - configuration setting in GZDoom
Sandbox Execution
Platform: linux
Run GZDoom in a restricted environment or container
docker run --security-opt=no-new-privileges -it gzdoom
🧯 If You Can't Patch
- Only load game content from trusted, verified sources
- Run GZDoom with minimal user privileges and in isolated environments
🔍 How to Verify
Check if Vulnerable:
Check GZDoom version in application or via command: gzdoom --version
Check Version:
gzdoom --version | grep -o 'GZDoom [0-9.]*'
Verify Fix Applied:
Verify version is 4.14.3 or higher and test loading known safe ZScript content
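The version check above, as an added example (not part of the original page or the GZDoom project): a POSIX shell gate that compares the reported version field by field against 4.14.3, so that 4.14.10 sorts above 4.14.3 and 4.9.0 below it, which a plain string comparison gets wrong. It assumes the output contains `GZDoom <version>` as in the page's grep pattern; the function names and sample lines are constructed.

```sh
#!/bin/sh
# Added example: gate on the fixed GZDoom release named on this page.
FIXED_VERSION="4.14.3"   # first fixed release, per the page

# extract_version LINE: pull the dotted version out of text shaped like the
# page's grep pattern "GZDoom [0-9.]*" (assumed output format).
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*GZDoom \([0-9][0-9.]*\).*/\1/p' | sed 's/\.*$//' | head -n 1
}

# version_ge A B: succeed if dotted version A >= B, comparing numerically
# field by field. Missing fields count as 0, so 4.15 equals 4.15.0.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
        # Drop the field just compared.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_gzdoom LINE: return 0 if patched, 1 if vulnerable, 2 if unparseable.
check_gzdoom() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown: could not parse a version from: $1"
        return 2
    fi
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched: $ver >= $FIXED_VERSION"
        return 0
    fi
    echo "vulnerable: $ver < $FIXED_VERSION (CVE-2025-54065)"
    return 1
}

# Constructed sample lines (not captured from a real install).
for line in "GZDoom 4.14.2" "GZDoom 4.14.3" "GZDoom 4.9.0" "GZDoom 4.14.10"; do
    check_gzdoom "$line" || true
done
# On a real host: check_gzdoom "$(gzdoom --version 2>&1)"
```

The distinct exit codes let an inventory or compliance job separate hosts that are vulnerable from hosts whose version could not be read.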
📡 Detection & Monitoring
Log Indicators:
- Unexpected memory access violations
- ZScript parsing errors
- Game crashes with memory corruption signatures
Network Indicators:
- Downloads of suspicious game mods/maps from untrusted sources
SIEM Query:
Process:gzdoom AND (EventID:1000 OR ExceptionCode:c0000005)