CVE-2025-69809
Write-What-Where Vulnerability in p2r3 Bareiron Enables Remote Code Execution
Publication date: 2026-03-16
Last updated on: 2026-04-27
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| p2r3 | bareiron | 2025-09-16 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-123 | Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2025-69809 is a critical vulnerability in the p2r3 Bareiron game that allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution.'}, {'type': 'paragraph', 'content': 'The flaw exists in the function `cs_clickContainer`, which handles container click events from clients. It arises because the slot index, derived from client input, is not properly validated before use.'}, {'type': 'paragraph', 'content': "Depending on the window ID, the slot index is used to calculate pointers into either the player's inventory or chest storage memory. When the window ID indicates a chest and the slot index is greater than 40, the code calculates pointers into chest storage memory without checking if the slot index is valid."}, {'type': 'paragraph', 'content': 'This lack of validation allows an attacker to supply crafted slot values that cause pointers to point to arbitrary memory locations. When the code writes data to these pointers, it effectively overwrites arbitrary memory, including critical game structures.'}, {'type': 'paragraph', 'content': 'This arbitrary memory write capability can be exploited to manipulate internal pointers and gain full arbitrary memory write access, potentially leading to arbitrary code execution.'}] [1]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'This vulnerability allows an attacker to perform arbitrary memory writes, which can lead to arbitrary code execution within the affected game environment.'}, {'type': 'paragraph', 'content': "An attacker could exploit this flaw to manipulate critical game data structures, potentially gaining unauthorized control over the game's memory and behavior."}, {'type': 'paragraph', 'content': 'Such control could be used to cheat, disrupt gameplay, corrupt data, or execute malicious code, compromising the integrity and security of the game.'}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "Detection of this vulnerability involves monitoring for crafted packets that exploit the improper validation of the slot index in the game's inventory management system."}, {'type': 'paragraph', 'content': 'Specifically, you should look for packets where the slot index value is unusually high (greater than 40) when the window_id equals 2, as these can trigger arbitrary memory writes.'}, {'type': 'paragraph', 'content': 'Commands or tools that can capture and analyze network traffic, such as tcpdump or Wireshark, can be used to inspect packets sent to the affected service.'}, {'type': 'list_item', 'content': 'Use tcpdump to capture packets on the relevant port: tcpdump -i <interface> port <game_port> -w capture.pcap'}, {'type': 'list_item', 'content': 'Analyze captured packets with Wireshark to filter for packets containing slot index values greater than 40 when window_id is 2.'}, {'type': 'list_item', 'content': 'Implement logging or debugging on the server side to detect when the function processing container clicks (`cs_clickContainer`) receives slot indices outside the expected range.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include validating and sanitizing the slot index input in the affected function to ensure it does not exceed expected bounds.
Specifically, ensure that when window_id equals 2 (indicating a chest), the slot index is checked to be within the valid range (not greater than 40) before using it to calculate memory pointers.
If a patch or updated version of the software is available that fixes this validation issue, apply it as soon as possible.
Additionally, consider implementing network-level protections such as firewall rules to restrict access to the vulnerable service and monitoring for suspicious activity.