CVE-2025-62170 – A use-after-free vulnerability in rAthena's ROD... (How to Fix)

Q: What is the severity of CVE-2025-62170?

CVE-2025-62170 has a CVSS score of 7.5 (HIGH). A use-after-free vulnerability in rAthena's RODEX functionality allows unauthenticated attackers to crash the map-server, causing denial of service. This affects all rAthena servers running vulnerable versions before the patch. Game administrators need to patch immediately to prevent server disruption.

📋 TL;DR

A use-after-free vulnerability in rAthena's RODEX functionality allows unauthenticated attackers to crash the map-server, causing denial of service. This affects all rAthena servers running vulnerable versions before the patch. Game administrators need to patch immediately to prevent server disruption.

💻 Affected Systems

Products:

rAthena

Versions: All versions prior to commit af2f3ba

Operating Systems: All platforms running rAthena

Default Config Vulnerable: ⚠️ Yes

Notes: All rAthena installations with RODEX functionality enabled are vulnerable. RODEX is typically enabled by default.

📦 What is this software?

Rathena by Rathena

View all CVEs affecting Rathena →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete map-server crash leading to game service disruption for all players on affected maps, potentially requiring manual server restart.

🟠

Likely Case

Intermittent map-server crashes causing player disconnections and service interruptions until patched.

🟢

If Mitigated

No impact if patched; unpatched servers remain vulnerable to DoS attacks.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The advisory describes a specific attacking scenario but no public exploit code is available. Unauthenticated nature makes exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit af2f3ba or later

Vendor Advisory: https://github.com/rathena/rathena/security/advisories/GHSA-9mj9-8vgv-r92j

Restart Required: Yes

Instructions:

1. Backup current rAthena installation
2. Update to commit af2f3ba or later: git pull origin master
3. Recompile map-server: make clean && make server
4. Restart map-server process

🔧 Temporary Workarounds

Disable RODEX functionality

all

Temporarily disable the RODEX mail system to prevent exploitation

Edit conf/import/mail_conf.txt and set 'enable' to 'no'

🧯 If You Can't Patch

Implement network segmentation to isolate rAthena servers from untrusted networks
Deploy rate limiting or WAF rules to block suspicious RODEX-related traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check git log for commit af2f3ba: git log --oneline | grep af2f3ba

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify current commit includes af2f3ba: git rev-parse HEAD

📡 Detection & Monitoring

Log Indicators:

map-server crash logs
segmentation fault errors in server logs
unexpected map-server process termination

Network Indicators:

Unusual RODEX packet patterns from single sources
Multiple connection attempts to map-server port

SIEM Query:

source="rathena.log" AND ("segmentation fault" OR "crash" OR "SIGSEGV")

📊 Metadata

CVE ID: CVE-2025-62170

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-416

EPSS Score: 0.15% exploit probability (35.6th percentile)

Published: October 13, 2025

Last Updated: October 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-62170, you might also want to check these: