{"id":"CVE-2025-62170","summary":"rAthena map-server use-after-free vulnerability in RODEX","details":"rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can exploit this vulnerability via a specific attacking scenario to cause a denial of service by crashing the map-server. This issue has been patched in commit af2f3ba. There are no known workarounds aside from manually applying the patch.","aliases":["GHSA-9mj9-8vgv-r92j"],"modified":"2026-04-12T18:28:22.541890Z","published":"2025-10-13T17:45:21.365Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62170.json","cwe_ids":["CWE-416"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62170.json"},{"type":"ADVISORY","url":"https://github.com/rathena/rathena/security/advisories/GHSA-9mj9-8vgv-r92j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62170"},{"type":"FIX","url":"https://github.com/rathena/rathena/commit/af2f3ba33fc03dc6dd510f8cfe84cd9185af748d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rathena/rathena","events":[{"introduced":"0"},{"fixed":"af2f3ba33fc03dc6dd510f8cfe84cd9185af748d"}]}],"database_specific":{"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["91595157655414875125086921230585936607","53300854127239451403356137490628356413","20727099528220984797387928030078801990","223072794530816846940957650644608952197"]},"source":"https://github.com/rathena/rathena/commit/af2f3ba33fc03dc6dd510f8cfe84cd9185af748d","signature_type":"Line","target":{"file":"src/map/clif.cpp"},"id":"CVE-2025-62170-1bcfcfb1","deprecated":false},{"signature_version":"v1","digest":{"length":541,"function_hash":"94505584308281800904346972716984000189"},"source":"https://github.com/rathena/rathena/commit/af2f3ba33fc03dc6dd510f8cfe84cd9185af748d","signature_type":"Function","target":{"function":"clif_mail_removeitem","file":"src/map/clif.cpp"},"id":"CVE-2025-62170-3eaeeb9c","deprecated":false}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62170.json","vanir_signatures_modified":"2026-04-12T18:28:22Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2025-10-12"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}