CVE-2025-58447
Published: 09 September 2025
Summary
CVE-2025-58447 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in rAthena. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 36.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mandates validation of information inputs like token lengths in login packets to prevent heap buffer overflows from oversized data.
Requires timely remediation of known flaws such as this buffer overflow via patches like commit 2f5248b to eliminate the vulnerability.
Implements memory protections to mitigate heap corruption exploitation for remote code execution even if overflow occurs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Heap buffer overflow in exposed login server component directly enables remote unauthenticated exploitation of a public-facing application for RCE or DoS.
NVD Description
rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a heap-based buffer overflow in the login server, allowing a remote attacker to overwrite adjacent session fields by sending a crafted `CA_SSO_LOGIN_REQ` with an oversized token length. This leads to immediate denial of service (crash) and it is possible to achieve remote code execution via heap corruption. Commit 2f5248b fixes the issue.
Deeper analysis
CVE-2025-58447 is a heap-based buffer overflow vulnerability (CWE-122, CWE-787) in the login server component of rAthena, an open-source cross-platform massively multiplayer online role-playing game (MMORPG) server. The flaw affects versions prior to commit 2f5248b and is triggered by processing a crafted CA_SSO_LOGIN_REQ packet with an oversized token length, allowing a remote attacker to overwrite adjacent session fields in heap memory. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact exploitation.
A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted login packet to the rAthena login server over the network. Successful exploitation reliably causes an immediate denial-of-service condition via server crash from heap corruption. Additionally, attackers may achieve remote code execution by leveraging the heap overflow to manipulate control flow or execute arbitrary code, depending on the specific heap layout and mitigations in place.
The rAthena project addressed the issue in commit 2f5248b, available at https://github.com/rathena/rathena/commit/2f5248b9cd9a8c6b42422ddecfc4cc2cd0e69e4b, which includes bounds checking to prevent the overflow. Further details and mitigation guidance are provided in the GitHub security advisory at https://github.com/rathena/rathena/security/advisories/GHSA-4p33-6xqr-cm6x. Security practitioners running rAthena servers should update to the fixed commit or later versions immediately.
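The kind of bounds check described above, as an added example that is not rAthena's code or the contents of commit 2f5248b: a length-prefixed token is copied into a fixed-size session buffer only after the claimed length is checked against both the bytes received and the destination capacity. The struct layout, `TOKEN_MAX`, the wire format and the function names are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 64 /* hypothetical capacity of the per-session token buffer */
/* Hypothetical session record: the fields after `token` are the "adjacent
 * session fields" an unchecked copy would overwrite. */
struct session {
    char     token[TOKEN_MAX + 1];
    uint32_t account_id;
    uint8_t  authenticated;
};

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOKEN_TOO_LONG = -2 };

/* Constructed wire format (assumption): [u16 little-endian token_len][token]. */
int parse_sso_token(struct session *s, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 2)
        return PARSE_TRUNCATED;
    size_t token_len = (size_t)pkt[0] | ((size_t)pkt[1] << 8);
    if (token_len > pkt_len - 2)      /* claimed length exceeds bytes received */
        return PARSE_TRUNCATED;
    if (token_len > TOKEN_MAX)        /* claimed length exceeds destination */
        return PARSE_TOKEN_TOO_LONG;
    memcpy(s->token, pkt + 2, token_len);
    s->token[token_len] = '\0';
    return PARSE_OK;
}

/* Builds a constructed packet claiming `claimed` token bytes with `sent`
 * bytes present; returns the parse result, or -100 if a neighbour changed. */
int try_packet(uint16_t claimed, size_t sent)
{
    static uint8_t pkt[2 + 1024];
    struct session s = { .account_id = 0xC0FFEEu, .authenticated = 0 };
    if (sent > 1024) sent = 1024;
    pkt[0] = (uint8_t)(claimed & 0xff);
    pkt[1] = (uint8_t)(claimed >> 8);
    memset(pkt + 2, 'A', sent);
    int r = parse_sso_token(&s, pkt, 2 + sent);
    return (s.account_id != 0xC0FFEEu || s.authenticated) ? -100 : r;
}

int main(void)
{
    printf("%d %d %d\n", try_packet(16, 16), try_packet(1024, 1024), try_packet(512, 10));
    return 0;
}
```

Rejecting the packet before the copy keeps the length field from ever being trusted as a write size; both checks are needed, since one guards the read from the packet and the other the write into the session.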
Details
- CWE(s)