Use-After-Free Vulnerability in rAthena Map-Server Affecting Open-Source MMORPG
CVE-2025-62170

7.5HIGH

Key Information:

Vendor: Rathena
Status: Rathena
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-62170?

A use-after-free vulnerability has been identified in the RODEX functionality of the rAthena map-server, impacting versions prior to commit af2f3ba. This flaw allows unauthenticated attackers to exploit the vulnerability through a specific attack vector, potentially leading to a denial of service by crashing the map-server. Users are advised to apply the patch available in commit af2f3ba to mitigate this issue, as no known workarounds are currently available.

Affected Version(s)

rathena < af2f3ba33fc03dc6dd510f8cfe84cd9185af748d

References

https://github.com/rathena/rathena/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/rathena/rathena/commit/af2f3ba33fc03dc...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Oct 7, 2025

JSON

Rathena

What is CVE-2025-62170?

Affected Version(s)

References

CVSS V3.1

Timeline