CVE-2025-69199Uncontrolled Resource Consumption in Panel

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling5 documents4 sources
Severity
8.3HIGHNVD
EPSS
0.1%
top 80.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Pterodactyl PanelGithub.com Pterodactyl WingsPterodactyl Wings
Timeline
PublishedJan 19
Latest updateFeb 3

Description

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request data through these sockets, causing an excessive volume of data over the network and overloading the host system memory and cpu. Additionally, there is not a limit applied to the total size of messages being sent or receive

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H

Affected Packages3 packages

NVDpterodactyl/wings< 1.12.0
CVEListV5pterodactyl/panel< 1.12.0

🔴Vulnerability Details

3
OSV
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks in github.com/pterodactyl/wings2026-02-03
OSV
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks2026-01-20
GHSA
Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks2026-01-20

🕵️Threat Intelligence

1
Wiz
CVE-2025-69199 Impact, Exploitability, and Mitigation Steps | Wiz