Browse all 7 CVE security advisories affecting rAthena. AI-powered Chinese analysis, POCs, and references for each vulnerability.
rAthena is a popular open-source MMORPG server emulator primarily used for hosting Ragnarok Online private servers. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with seven CVEs documented. Security researchers have identified common weaknesses in its handling of network packets and insufficient input validation, which could allow attackers to execute arbitrary code or compromise server integrity. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights the need for careful hardening and regular updates when deploying rAthena in production environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62170 | rAthena map-server use-after-free vulnerability in RODEX — rathenaCWE-416 | 7.5 | High | 2025-10-13 |
| CVE-2025-58750 | rAthena missing bound check in chclif_parse_moveCharSlot — rathenaCWE-119 | 8.2 | High | 2025-09-09 |
| CVE-2025-58448 | rAthena has SQL Injection in PartyBooking component via `WorldName` parameter. — rathenaCWE-89 | 9.1 | Critical | 2025-09-09 |
| CVE-2025-58447 | rAthena has heap-based buffer overflow in login server — rathenaCWE-122 | 9.8 | Critical | 2025-09-09 |
This page lists every published CVE security advisory associated with rAthena. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.