HIGH🇬🇧 English

CVE-2025-69199

CVSS 8.3v4.0pub. 2026-01-19upd. 2026-02-02

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of information over the socket, overloading the host network, and causing increased CPU and memory load within Wings. Version 1.12.0 patches the issue.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Pterodactyl Wings

    APP
    Pterodactyl
    < 1.12.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-27102CRITICAL9.9PL ✓ten sam produkt

Path Traversal w Pterodactyl Wings — dostęp do plików poza sandbox

CVE-2023-32080CRITICAL9.0ten sam produkt

Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and...

CVE-2023-25168CRITICAL9.6ten sam produkt

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories re...

CVE-2026-21696HIGH8.3ten sam produkt

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting ...

CVE-2025-68954HIGH7.5ten sam produkt

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke acti...

CVE-2025-69199 — HIGH 8.3 | CVEbaza.pl