CVE-2025-58750

8.2 HIGH

📋 TL;DR

This CVE describes a buffer overflow vulnerability in rAthena MMORPG server software where missing bounds checking in the character slot movement function allows attackers to read and write out of bounds using user input. This could lead to memory corruption, crashes, or potential remote code execution. All rAthena servers running versions before commit 0cc348b are affected.

💻 Affected Systems

Products:
  • rAthena MMORPG Server
Versions: All versions prior to commit 0cc348b186bbcc3c604c17c39589a319f27d469b
Operating Systems: All platforms supported by rAthena (Windows, Linux, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: All rAthena installations using the vulnerable code path are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete server compromise, data theft, or server becoming part of a botnet.

🟠 Likely Case: Server crashes, denial of service, or memory corruption causing instability and potential data loss.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls, potentially just crashes affecting availability.

🌐 Internet-Facing: HIGH - Game servers are typically internet-facing and accept connections from untrusted clients.
🏢 Internal Only: MEDIUM - Internal servers still face risk from compromised clients or insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending crafted packets to the vulnerable function, but specific exploit details are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 0cc348b186bbcc3c604c17c39589a319f27d469b or later

Vendor Advisory: https://github.com/rathena/rathena/security/advisories/GHSA-pjh7-jgr8-4ff6

Restart Required: Yes

Instructions:

  1. Update rAthena to commit 0cc348b or later.
  2. Recompile the server.
  3. Restart the rAthena service.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Restrict access to the game server port to trusted IP addresses only.

iptables -A INPUT -p tcp --dport [GAME_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [GAME_PORT] -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the game server from critical infrastructure.
  • Deploy intrusion detection/prevention systems to monitor for anomalous packet patterns.

🔍 How to Verify

Check if Vulnerable:

Check whether your rAthena checkout is at a commit earlier than 0cc348b186bbcc3c604c17c39589a319f27d469b, that is, whether its history does not yet contain that commit.

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify that the current commit is 0cc348b186bbcc3c604c17c39589a319f27d469b or a later commit that includes it.
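
The two checks above, made precise as an added example (not part of the original page or of rAthena's own tooling): commit hashes are not ordered, so "earlier" and "later" are decided here by asking git whether the fix commit is an ancestor of HEAD. The function name `check_fix` and its status words are assumptions of this example.

```shell
#!/bin/sh
# Added example: does this git checkout contain the advisory's fix commit?
FIX_COMMIT=0cc348b186bbcc3c604c17c39589a319f27d469b  # patch commit from the advisory

# check_fix REPO_DIR [COMMIT]   (name and status words are this example's own)
# Prints one status word; returns 0 = patched, 1 = not patched, 2 = cannot tell.
check_fix() {
    cf_repo=$1
    cf_fix=${2:-$FIX_COMMIT}

    # No repository or no commits (e.g. unpacked from a tarball): cannot tell.
    if ! git -C "$cf_repo" rev-parse -q --verify 'HEAD^{commit}' >/dev/null 2>&1; then
        echo "unknown-not-a-git-checkout"
        return 2
    fi

    # Patched only when the fix is an ancestor of (or equal to) HEAD.
    if git -C "$cf_repo" merge-base --is-ancestor "$cf_fix" HEAD 2>/dev/null; then
        echo "patched"
        return 0
    fi

    # A shallow clone has truncated history, so a failed ancestry test proves nothing.
    if [ "$(git -C "$cf_repo" rev-parse --is-shallow-repository 2>/dev/null)" = "true" ]; then
        echo "unknown-shallow-clone"
        return 2
    fi

    # Fix object exists locally but HEAD does not descend from it
    # (fetched but not merged, or an older commit is checked out).
    if git -C "$cf_repo" cat-file -e "${cf_fix}^{commit}" 2>/dev/null; then
        echo "not-patched-fix-not-in-head-history"
        return 1
    fi

    # Fix object is absent: the clone predates the fix. A fork that re-applied
    # the change under a different hash also lands here and needs source review.
    echo "not-patched-fix-commit-absent"
    return 1
}
```

Call it as `check_fix /path/to/rathena`. A "patched" result describes the source tree only; the running binaries are fixed once the server has been recompiled and restarted, as the instructions above require.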

📡 Detection & Monitoring

Log Indicators:

  • Server crashes or segmentation faults
  • Unusual memory access errors in logs
  • Abnormal disconnections during character slot operations

Network Indicators:

  • Malformed packets to the game server port
  • Unusual packet sizes or patterns in character movement requests

SIEM Query:

source="*rathena*" AND ("segmentation fault" OR "out of bounds" OR "buffer overflow")
