Unauthenticated denial of service leading to application crash in Ts3 manager <=v2.2.1 .
CVE
CVE-2025-61582
Product
TS3 manager
Published
10/1/2025
Researcher
Krishna Agarwal, Swapnil Ade
Summary
A denial-of-service vulnerability was identified in TS3 Manager versions 2.2.1 and earlier due to improper handling of specially crafted Unicode input in the login interface. Submitting certain Unicode tag characters to the Server field triggers an unhandled exception during ASCII conversion, causing the application to crash within seconds. The issue is remotely exploitable without authentication or user interaction and results in complete service disruption.
Proof of Concept
Authentication: Unauthenticated
- In the
Serverfield, input the unicode tag payload ⁽¹⁾ and fill other fields such as username and password. - click on connect.
You should get a notification Cannot convert name to ASCII and application should get crashed in 4-5 seconds.
```
echo "" | hexdump -C
00000000 f3 a0 81 b0 f3 a0 81 b7 f3 a0 81 ae 0a |.............|
0000000d
```
Remediation
This vulnerability has been addressed in TS3 Manager version 2.2.2 and later.