Home > Vulnerability Database > CVE-2025-54065

Mend.io Vulnerability Database

CVE-2025-54065

Good to know:

Date: December 3, 2025

GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, and redirect control flow through crafted FState and VMFunction structures. A script can copy FState structures into a writable buffer, modify function pointers and state transitions, and cause execution of attacker-controlled bytecode, leading to arbitrary code execution.

Severity Score

7.9

Related Resources (3)

Url: https://github.com/ZDoom/gzdoom/security/advisories/GHSA-prhc-chfw-32jg

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54065

Url: https://www.mend.io/vulnerability-database/CVE-2025-54065

Severity Score

7.9

Weakness Type (CWE)

Improper Control of Dynamically-Managed Code Resources

CWE-913

CVSS v3.1

Base Score:	7.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54065

Good to know:

Date: December 3, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?