Integer overflow when parsing packets sent to socket created with network_create_server() causes hard game crash.

Disclosed by
BenjaminUrquhart
  • Engagement Opera Public Bug Bounty
  • Disclosed date 8 months ago
  • Reward $300
  • Priority P3 Bugcrowd's VRT priority rating
  • Status Resolved This vulnerability has been accepted and fixed
Summary by Opera Public Bug Bounty

CVE-2025-12501
Integer overflow in GameMaker IDE below 2024.14.0 version could lead to server crashes through denial-of-service attacks (DoS). The vulnerability was found in network_create_server() function.

Summary by BenjaminUrquhart

A malicious client could crash a Gamemaker server that uses network_create_server by sending a specially crafted packet.

Activity