CVE-2025-69199
WebSocket Rate Limiting Bypass in Pterodactyl Wings Causes DoS
Publication date: 2026-01-19
Last updated on: 2026-02-02
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pterodactyl | wings | up to 1.12.0 (excluding 1.12.0) |
| pterodactyl | wings | 1.12.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability impacts system availability by enabling denial-of-service conditions through uncontrolled resource consumption. However, it does not affect the confidentiality or integrity of data. Therefore, while it may pose operational risks, it does not directly compromise compliance with data protection standards such as GDPR or HIPAA, which primarily focus on data confidentiality and integrity. [1]
Can you explain this vulnerability to me?
This vulnerability affects the Wings server control plane for Pterodactyl versions prior to 1.12.0. The WebSocket endpoints lack proper rate limiting and throttling, allowing a malicious user to open thousands of WebSocket connections and send or request excessive amounts of data. This leads to uncontrolled consumption of network bandwidth, CPU, and memory resources on the host system, potentially causing denial-of-service (DoS) conditions. There are no limits on the number of connections, request rates, or message sizes, making the system vulnerable to overload attacks. [1]
How can this vulnerability impact me?
The vulnerability can cause denial-of-service (DoS) conditions by overloading the host system's network, CPU, and memory resources. An attacker can exploit it remotely with low privileges and no user interaction, leading to system unavailability and degraded performance. This impacts the availability of the Wings server control plane, potentially disrupting game server management operations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for an unusually high number of WebSocket connections to the Wings server, as well as excessive data volume being sent or received over these connections. Network monitoring tools can be used to identify spikes in WebSocket traffic and resource usage (CPU and memory) on the host system. Specific commands are not provided in the resources, but general approaches include using network analysis tools like 'netstat' or 'ss' to count WebSocket connections, and system monitoring tools like 'top', 'htop', or 'vmstat' to observe CPU and memory usage. Additionally, inspecting logs for repeated or excessive WebSocket connection attempts may help detect exploitation attempts. [1]
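As an added detection example (not from the advisory or the Pterodactyl project), the following POSIX shell function turns the `ss` approach above into a per-peer count of established connections to the Wings listener, so a single source holding an abnormal number of WebSocket connections stands out. It assumes port 8080 as the Wings listener port (set WINGS_PORT to match your config.yml), and the sample `ss -Htn` lines are constructed.

```shell
#!/bin/sh
# Added example: count established TCP connections per peer on the Wings port.
# WINGS_PORT=8080 is an ASSUMED default; adjust it to your Wings config.yml.
WINGS_PORT="${WINGS_PORT:-8080}"
THRESHOLD="${THRESHOLD:-50}"   # flag peers holding this many connections or more

# Usage: <ss -Htn output> | heavy_ws_peers [port] [threshold]
# Input lines look like: "ESTAB 0 0 10.0.0.5:8080 203.0.113.7:51234"
# ($1 state, $4 local addr:port, $5 peer addr:port). Prints "<count> <peer>"
# for every peer at or above the threshold, highest count first.
heavy_ws_peers() {
    port="${1:-$WINGS_PORT}"
    thr="${2:-$THRESHOLD}"
    awk -v port="$port" -v thr="$thr" '
        $1 == "ESTAB" {
            # local port is the text after the last ":" (works for [::1]:8080 too)
            n = split($4, a, ":")
            if (a[n] != port) next
            # peer address without its ephemeral port
            p = $5
            sub(/:[0-9]+$/, "", p)
            cnt[p]++
        }
        END { for (p in cnt) if (cnt[p] >= thr) print cnt[p], p }
    ' | sort -rn
}

# Constructed sample: one peer holds three WebSocket-port connections, another
# holds one; the SSH connection and the TIME-WAIT entry must be ignored.
SAMPLE_SS='ESTAB 0 0 10.0.0.5:8080 203.0.113.7:51234
ESTAB 0 0 10.0.0.5:8080 203.0.113.7:51235
ESTAB 0 0 10.0.0.5:8080 203.0.113.7:51236
ESTAB 0 0 10.0.0.5:8080 198.51.100.2:40001
ESTAB 0 0 10.0.0.5:22 203.0.113.7:51300
TIME-WAIT 0 0 10.0.0.5:8080 203.0.113.7:51200'

# Run against the sample with a low threshold so the heavy peer is reported.
printf '%s\n' "$SAMPLE_SS" | heavy_ws_peers "$WINGS_PORT" 2
```

On a live host, pipe the real listing in with `ss -Htn | heavy_ws_peers` and leave the default threshold, then compare the reported peers against the users you expect to be managing servers.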
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the Wings package to version 1.12.0 or later, where the vulnerability has been patched by implementing proper rate limiting and throttling on WebSocket connections. Until the upgrade can be applied, consider implementing network-level controls such as limiting the number of concurrent WebSocket connections allowed, applying rate limiting on WebSocket traffic via firewall or proxy, and monitoring resource usage to detect and respond to attacks. [1]