CVE-2025-54065 is a vulnerability classified under CWE-913 (Improper Control of Dynamically-Managed Code Resources) affecting GZDoom, an open-source port of the Doom engine used for running Doom engine games. Specifically, versions 4.14.2 and earlier are vulnerable due to flaws in the ZScript actor state handling mechanism. ZScript allows scripts to manipulate actor states, but in these versions, scripts can read arbitrary memory addresses and write constants directly into the JIT-compiled code section. By crafting malicious FState and VMFunction structures, an attacker can redirect the control flow of the program, effectively causing the execution of attacker-controlled bytecode. This leads to arbitrary code execution within the application context, compromising the confidentiality and integrity of the system. The vulnerability requires local access with low privileges and some user interaction, such as running a malicious script, but does not require elevated privileges initially. The CVSS v3.1 score is 7.8 (high severity), reflecting the significant impact on confidentiality and integrity, with no impact on availability. Currently, there are no known exploits in the wild, and no official patches have been published, indicating the need for proactive mitigation and monitoring. The vulnerability is particularly critical because it abuses the dynamic code generation and execution features of the JIT compiler, which are typically trusted components. This flaw could be exploited in environments where users run or develop custom ZScript code or mods, such as gaming communities or software development teams using GZDoom.

For European organizations, the impact of CVE-2025-54065 can be significant, especially those involved in gaming, software development, or digital entertainment sectors where GZDoom is used. Successful exploitation allows attackers to execute arbitrary code, potentially leading to unauthorized access to sensitive data, manipulation of game logic or software behavior, and compromise of the host system’s integrity. Although the vulnerability requires local access and user interaction, it could be exploited in multi-user environments or through social engineering to run malicious scripts. This could lead to lateral movement within networks or serve as a foothold for further attacks. Confidentiality is highly impacted as arbitrary memory reads are possible, and integrity is compromised due to arbitrary code execution. Availability is not directly affected. The lack of known exploits in the wild provides a window for organizations to implement mitigations before active exploitation occurs. However, the presence of JIT code manipulation increases the risk of sophisticated attacks that evade traditional detection methods. Organizations relying on GZDoom for development or entertainment should consider the risk of insider threats or compromised user accounts that could trigger exploitation.

1. Restrict execution of untrusted or user-generated ZScript code within GZDoom environments, limiting script permissions and sandboxing script execution where possible. 2. Monitor and audit script activities for unusual behavior, such as attempts to manipulate FState or VMFunction structures or unexpected memory access patterns. 3. Educate users and developers about the risks of running unverified scripts and enforce strict code review policies for custom mods or scripts. 4. Isolate GZDoom instances in virtualized or containerized environments to limit the impact of potential exploitation on host systems. 5. Implement host-based intrusion detection systems (HIDS) that can detect anomalous JIT code modifications or control flow redirections. 6. Prepare for rapid deployment of official patches once released by the vendor; track vendor communications closely. 7. Limit local user privileges to the minimum necessary to reduce the risk of exploitation from low-privilege accounts. 8. Consider network segmentation to prevent lateral movement if a compromise occurs. 9. Regularly update all related software components and dependencies to reduce the attack surface. 10. Engage with the GZDoom community and security forums to stay informed about emerging threats and mitigation techniques.