CVE-2025-58448 - Vulnerability Details - OpenCVE

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Rathena	Rathena

No data.

No data.

References

Link	Providers
https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5
https://github.com/rathena/rathena/security/advisories/GHSA-x99j-36m7-4vv7

History

Fri, 12 Sep 2025 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Rathena Rathena rathena
Vendors & Products		Rathena Rathena rathena

Wed, 10 Sep 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 09 Sep 2025 22:30:00 +0000

Type	Values Removed	Values Added
Description		rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue.
Title		rAthena has SQL Injection in PartyBooking component via `WorldName` parameter.
Weaknesses		CWE-89
References		https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5 https://github.com/rathena/rathena/security/advisories/GHSA-x99j-36m7-4vv7
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-09-09T22:12:49.148Z

Updated: 2025-09-10T19:29:20.032Z

Reserved: 2025-09-01T20:03:06.533Z

Link: CVE-2025-58448

Vulnrichment

Updated: 2025-09-10T19:29:00.572Z

NVD

Status : Awaiting Analysis

Published: 2025-09-09T23:15:36.687

Modified: 2025-09-11T17:14:10.147

Link: CVE-2025-58448

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58448", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-09-01T20:03:06.533Z", "datePublished": "2025-09-09T22:12:49.148Z", "dateUpdated": "2025-09-10T19:29:20.032Z"}, "containers": {"cna": {"title": "rAthena has SQL Injection in PartyBooking component via `WorldName` parameter.", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/rathena/rathena/security/advisories/GHSA-x99j-36m7-4vv7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/rathena/rathena/security/advisories/GHSA-x99j-36m7-4vv7"}, {"name": "https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5", "tags": ["x_refsource_MISC"], "url": "https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5"}], "affected": [{"vendor": "rathena", "product": "rathena", "versions": [{"version": "< 0d89ae0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-09-09T22:12:49.148Z"}, "descriptions": [{"lang": "en", "value": "rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue."}], "source": {"advisory": "GHSA-x99j-36m7-4vv7", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-10T19:28:55.369140Z", "id": "CVE-2025-58448", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T19:29:20.032Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-58448", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-10T19:28:55.369140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T19:29:00.572Z"}}], "cna": {"title": "rAthena has SQL Injection in PartyBooking component via `WorldName` parameter.", "source": {"advisory": "GHSA-x99j-36m7-4vv7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "rathena", "product": "rathena", "versions": [{"status": "affected", "version": "< 0d89ae0"}]}], "references": [{"url": "https://github.com/rathena/rathena/security/advisories/GHSA-x99j-36m7-4vv7", "name": "https://github.com/rathena/rathena/security/advisories/GHSA-x99j-36m7-4vv7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5", "name": "https://github.com/rathena/rathena/commit/0d89ae071ff5e46e8dedcf45d060acec84b3abb5", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via `WorldName` parameter. Commit 0d89ae0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-09-09T22:12:49.148Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58448", "state": "PUBLISHED", "dateUpdated": "2025-09-10T19:29:20.032Z", "dateReserved": "2025-09-01T20:03:06.533Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-09-09T22:12:49.148Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}