{"id":"CVE-2025-58448","summary":"rAthena has SQL Injection in PartyBooking component via `WorldName` parameter.","details":"rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.","aliases":["GHSA-x99j-36m7-4vv7"],"modified":"2026-04-12T18:40:00.970015Z","published":"2025-09-09T22:12:49.148Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58448.json","cna_assigner":"GitHub_M","cwe_ids":["CWE-89"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58448.json"},{"type":"ADVISORY","url":"https://github.com/rathena/rathena/security/advisories/GHSA-x99j-36m7-4vv7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58448"},{"type":"FIX","url":"https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rathena/rathena","events":[{"introduced":"0"},{"fixed":"0d89ae071ff5e46e8dedcf45d060acec84b3abb5"}]}],"database_specific":{"vanir_signatures_modified":"2026-04-12T18:40:00Z","vanir_signatures":[{"id":"CVE-2025-58448-1c08372a","digest":{"function_hash":"134714334644651838487143543423258764305","length":868},"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5","target":{"function":"HANDLER_FUNC","file":"src/web/partybooking_controller.cpp"}},{"id":"CVE-2025-58448-9ba90736","digest":{"line_hashes":["168786846792040716610490184518210287721","75749053554033276720504139535088965857","45763971006075405746041165147030097620","277324596200186064821382591434608888607","39878881667286493239577508963265659740","191927943423615678416071564265528298487","252792379955794795058568950399334317323"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5","target":{"file":"src/web/partybooking_controller.cpp"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58448.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2025-09-06"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}