CVE-2025-58448 | THREATINT

Description

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.

PUBLISHED Reserved 2025-09-01 | Published 2025-09-09 | Updated 2025-09-10 | Assigner GitHub_M

CRITICAL: 9.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

< 0d89ae0

affected

References

github.com/...athena/security/advisories/GHSA-x99j-36m7-4vv7

github.com/...ommit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5

cve.org (CVE-2025-58448)

nvd.nist.gov (CVE-2025-58448)

Download JSON