Description

GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted FState and VMFunction structures. A script can copy FState structures into a writable buffer, modify function pointers and state transitions, and cause execution of attacker-controlled bytecode, leading to arbitrary code execution.

INFO

Published Date :

2025-12-03T17:02:56.603Z

Last Modified :

2025-12-03T21:39:49.369Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54065 vulnerability.

Vendors Products
Zdoom
  • Gzdoom
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54065.

URL Resource
https://github.com/ZDoom/gzdoom/security/advisories/GHSA-prhc-chfw-32jg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact