CVE-2024-54756

Description

A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file.

References

https://seclists.org/fulldisclosure/2025/Feb/11

https://github.com/Chainmanner/GZDoom-Arbitrary-Code-Execution-via-ZScript-PoC

http://seclists.org/fulldisclosure/2025/Feb/11

مدیریت سرور پشتیبانی و ثبت دامنه – آفاق هاستینگ