Is github.com/pterodactyl/wings affected by CVE-2025-69199?

Go github.com/pterodactyl/wings is affected in <1.12.0.

Is CVE-2025-69199 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

medium

CVE-2025-69199

Q: Is CVE-2025-69199 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

Go · github.com/pterodactyl/wings

Summary

Pterodactyl websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks in github.com/pterodactyl/wings

Severity: medium
EPSS: 0.3% (p16)
Also known as: GHSA-8w7m-w749-rx98, GO-2026-4331
Published: 2026-02-03

References

https://github.com/pterodactyl/panel/security/advisories/GHSA-8w7m-w749-rx98
https://nvd.nist.gov/vuln/detail/CVE-2025-69199
https://github.com/pterodactyl/panel/commit/09caa0d4995bd924b53b9a9e9b4883ac27bd5607

Related advisories

GHSA-hr7j-63v7-vj7g — medium · Go/github.com/pterodactyl/wings
CVE-2026-21696 — medium · Go/github.com/pterodactyl/wings
CVE-2025-68954 — medium · Go/github.com/pterodactyl/wings

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.