Browse all 7 CVE security advisories affecting rathena. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62797 | CSRF in FluxCP account endpoints allows account takeover / state-changing actions — FluxCPCWE-352 | 8.8AI | HighAI | 2025-10-29 |
| CVE-2025-62170 | rAthena map-server use-after-free vulnerability in RODEX — rathenaCWE-416 | 7.5 | High | 2025-10-13 |
| CVE-2025-58750 | rAthena missing bound check in chclif_parse_moveCharSlot — rathenaCWE-119 | 8.2 | High | 2025-09-09 |
| CVE-2025-58448 | rAthena has SQL Injection in PartyBooking component via `WorldName` parameter. — rathenaCWE-89 | 9.1 | Critical | 2025-09-09 |
| CVE-2025-58447 | rAthena has heap-based buffer overflow in login server — rathenaCWE-122 | 9.8 | Critical | 2025-09-09 |
| CVE-2024-45799 | Javascript Injection in Vending Info/Buyers Info Module in FluxCP — FluxCPCWE-79 | 7.3 | High | 2024-09-16 |
| CVE-2022-4421 | rAthena FluxCP Service Desk Image URL view.php cross site scripting — FluxCPCWE-707 | 3.5 | Low | 2022-12-12 |
This page lists every published CVE security advisory associated with rathena. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.