CVE-2025-69199
📋 TL;DR
This vulnerability allows attackers to perform denial-of-service attacks against Pterodactyl Wings servers by exploiting missing rate limiting and message size limits in websocket connections. Malicious users can open thousands of connections and send massive data volumes, overwhelming network, CPU, and memory resources. All Pterodactyl installations using Wings versions before 1.12.0 are affected.
💻 Affected Systems
- Pterodactyl Wings
📦 What is this software?
Wings by Pterodactyl
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption with Wings server becoming unresponsive, potentially affecting all managed game servers and causing extended downtime.
Likely Case
Performance degradation leading to game server lag, connection drops, and intermittent service interruptions.
If Mitigated
Minimal impact with proper network segmentation and monitoring allowing quick detection and response.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it requires no authentication and uses standard websocket protocols.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.12.0
Vendor Advisory: https://github.com/pterodactyl/panel/security/advisories/GHSA-8w7m-w749-rx98
Restart Required: Yes
Instructions:
1. Stop all Wings services.
2. Update Wings to version 1.12.0 using your package manager or manual installation.
3. Restart Wings services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Network Rate Limiting
Linux: Implement network-level rate limiting using firewall or load balancer rules to restrict new websocket connections per IP. The iptables rules below drop further new connections from a source address once it reaches 20 new connections to port 8080 within 60 seconds; place them ahead of any rule that already accepts port 8080 traffic, and change the port if Wings listens elsewhere.
iptables -A INPUT -p tcp --dport 8080 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 8080 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP
Websocket Connection Limits
All platforms: Configure the reverse proxy (nginx/apache) in front of Wings to limit websocket connections and message sizes. For nginx, define the zone in the http block and apply the limit inside the location that proxies the websocket endpoint:
nginx http block: limit_conn_zone $binary_remote_addr zone=wslimit:10m;
nginx location block: limit_conn wslimit 10;
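The nginx limit_conn directive above caps concurrent connections per client address but does not bound the size of an individual websocket message; that second control has to live in the application receiving the frames. The Go program below is an illustration added here, not code from Wings or from the advisory, and shows both controls in their hardened form: a per-IP concurrent-connection cap applied as HTTP middleware before the websocket upgrade, and a bounded read that rejects a message larger than a fixed cap before it is fully buffered in memory. ConnLimiter, ReadBoundedMessage, LimitMiddleware, the 203.0.113.5 address and the 4096-byte cap are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"strings"
	"sync"
)

// Sentinel errors so callers can distinguish the two rejection reasons.
var (
	ErrTooManyConns    = errors.New("too many concurrent connections from this address")
	ErrMessageTooLarge = errors.New("websocket message exceeds size limit")
)

// ConnLimiter caps concurrent connections per client IP.
// Hypothetical helper for this example, not Wings' own implementation.
type ConnLimiter struct {
	mu      sync.Mutex
	perIP   int
	current map[string]int
}

func NewConnLimiter(perIP int) *ConnLimiter {
	return &ConnLimiter{perIP: perIP, current: make(map[string]int)}
}

// Acquire reserves a slot for ip; the caller must Release when the connection closes.
func (l *ConnLimiter) Acquire(ip string) error {
	l.mu.Lock()
	defer l.mu.Unlock()
	if l.current[ip] >= l.perIP {
		return ErrTooManyConns
	}
	l.current[ip]++
	return nil
}

// Release frees a slot and drops the map entry when the last one closes,
// so the map cannot grow without bound across many distinct addresses.
func (l *ConnLimiter) Release(ip string) {
	l.mu.Lock()
	defer l.mu.Unlock()
	if l.current[ip] <= 1 {
		delete(l.current, ip)
		return
	}
	l.current[ip]--
}

// Active reports how many connections ip currently holds.
func (l *ConnLimiter) Active(ip string) int {
	l.mu.Lock()
	defer l.mu.Unlock()
	return l.current[ip]
}

// ReadBoundedMessage reads one message from r but never buffers more than max
// bytes, so a single oversized frame cannot exhaust memory. It reads one byte
// past the cap to tell "exactly max" apart from "too big".
func ReadBoundedMessage(r io.Reader, max int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, max+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > max {
		return nil, ErrMessageTooLarge
	}
	return data, nil
}

// clientIP strips the port from a "host:port" RemoteAddr.
func clientIP(remoteAddr string) string {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		return remoteAddr
	}
	return host
}

// LimitMiddleware answers 429 to an address that already holds perIP
// connections and releases the slot when the wrapped handler returns.
func LimitMiddleware(l *ConnLimiter, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip := clientIP(r.RemoteAddr)
		if err := l.Acquire(ip); err != nil {
			http.Error(w, err.Error(), http.StatusTooManyRequests)
			return
		}
		defer l.Release(ip)
		next.ServeHTTP(w, r)
	})
}

func main() {
	l := NewConnLimiter(2)
	for i := 1; i <= 3; i++ {
		fmt.Printf("acquire #%d from 203.0.113.5: %v\n", i, l.Acquire("203.0.113.5"))
	}
	_, err := ReadBoundedMessage(strings.NewReader(strings.Repeat("A", 5000)), 4096)
	fmt.Println("5000-byte message against a 4096-byte cap:", err)
}
```

In a real server the limiter wraps the websocket upgrade handler and the read cap is applied to every inbound frame; the two controls are independent, so a client that stays under the connection cap still cannot push an arbitrarily large message.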
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Wings servers from untrusted networks.
- Deploy network monitoring and alerting for abnormal websocket connection patterns.
🔍 How to Verify
Check if Vulnerable:
Check the Wings version with 'wings --version' or through your package manager. If the version is below 1.12.0, the system is vulnerable.
Check Version:
wings --version
Verify Fix Applied:
After updating, verify version is 1.12.0 or higher and test websocket functionality remains operational.
📡 Detection & Monitoring
Log Indicators:
- Unusually high number of websocket connections in Wings logs
- Memory or CPU usage spikes in system logs
- Connection timeout errors
Network Indicators:
- High volume of websocket traffic from single IPs
- Abnormal packet sizes in websocket communications
- Increased network latency
SIEM Query:
source="wings.log" AND ("websocket" AND "connection") | stats count by src_ip | where count > 100
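The log and network indicators above come down to one measurement: how many websocket connections a single source opened within a short window. The Go program below is an added example, not a tool shipped with Wings, and applies that check to a few constructed log lines. The line format (RFC 3339 timestamp, level, "websocket connection opened", src_ip=) is an assumption made for this example and is not Wings' actual log layout. PeakConnectionsPerIP computes, per source address, the largest number of opens that fall inside any sliding window of the given length, and FlagNoisyIPs returns the addresses whose peak exceeds a threshold, which is the sliding-window version of the SIEM query's count > 100.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

// Constructed sample log for this example; the format is an assumption,
// not Wings' real log layout. The last line shows an unrelated entry that
// the parser must ignore.
const sampleLog = `2025-01-15T10:00:00Z INFO websocket connection opened src_ip=203.0.113.5 server=a1b2c3
2025-01-15T10:00:05Z INFO websocket connection opened src_ip=203.0.113.5 server=a1b2c3
2025-01-15T10:00:09Z INFO websocket connection opened src_ip=198.51.100.9 server=d4e5f6
2025-01-15T10:00:12Z INFO websocket connection opened src_ip=203.0.113.5 server=a1b2c3
2025-01-15T10:00:20Z INFO websocket connection opened src_ip=203.0.113.5 server=a1b2c3
2025-01-15T10:01:30Z INFO websocket connection opened src_ip=198.51.100.9 server=d4e5f6
2025-01-15T10:03:00Z INFO websocket connection opened src_ip=198.51.100.9 server=d4e5f6
2025-01-15T10:03:01Z INFO server power action completed server=d4e5f6`

// lineRE captures the timestamp and source address of a connection-open line.
var lineRE = regexp.MustCompile(`^(\S+) \S+ websocket connection opened src_ip=(\S+)`)

type event struct {
	ts time.Time
	ip string
}

// parseEvents extracts connection-open events, skipping lines that do not match.
func parseEvents(log string) ([]event, error) {
	var events []event
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		m := lineRE.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			return nil, fmt.Errorf("bad timestamp %q: %w", m[1], err)
		}
		events = append(events, event{ts: ts, ip: m[2]})
	}
	return events, sc.Err()
}

// PeakConnectionsPerIP returns, for each source address, the maximum number of
// connection opens that fall within any sliding window of length window.
func PeakConnectionsPerIP(log string, window time.Duration) (map[string]int, error) {
	events, err := parseEvents(log)
	if err != nil {
		return nil, err
	}
	byIP := make(map[string][]time.Time)
	for _, e := range events {
		byIP[e.ip] = append(byIP[e.ip], e.ts)
	}
	peaks := make(map[string]int, len(byIP))
	for ip, ts := range byIP {
		sort.Slice(ts, func(a, b int) bool { return ts[a].Before(ts[b]) })
		start, best := 0, 0
		for end := range ts {
			// Slide the window start forward until it is within window of ts[end].
			for ts[end].Sub(ts[start]) >= window {
				start++
			}
			if n := end - start + 1; n > best {
				best = n
			}
		}
		peaks[ip] = best
	}
	return peaks, nil
}

// FlagNoisyIPs returns the addresses whose peak exceeds threshold, sorted.
func FlagNoisyIPs(peaks map[string]int, threshold int) []string {
	var flagged []string
	for ip, n := range peaks {
		if n > threshold {
			flagged = append(flagged, ip)
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	peaks, err := PeakConnectionsPerIP(sampleLog, time.Minute)
	if err != nil {
		panic(err)
	}
	for _, ip := range FlagNoisyIPs(peaks, 3) {
		fmt.Printf("%s opened %d websocket connections within one minute\n", ip, peaks[ip])
	}
}
```

The threshold of 3 is chosen to make the constructed sample trip; in production it should sit above the number of console sessions a legitimate panel user opens per minute, which is why the page's query uses 100.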