This House Is Haunted: a Decade-Old Rce in the Aion Client
Posted4 months ago
appsec.spaceSecuritystory
informativenegative
Debate
20/100
Npm VulnerabilitiesRce ExploitAion Client Security
Key topics
Npm Vulnerabilities
Rce Exploit
Aion Client Security
Discussion Activity
Light discussionFirst comment
N/A
Peak period
1
Start
Avg / period
1
Key moments
- 01Story posted
Aug 26, 2025 at 12:05 PM EDT
4 months ago
Step 01 - 02First comment
Aug 26, 2025 at 12:05 PM EDT
0s after posting
Step 02 - 03Peak activity
1 comments in Start
Hottest window of the conversation
Step 03 - 04Latest activity
Aug 26, 2025 at 12:05 PM EDT
4 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
Discussion (1 comments)
Showing 1 comments
_zetaAuthor
4 months ago
Exploring how AION’s old housing system, introduced over 10 years ago, left the client vulnerable to remote code execution through Lua scripting. Even though official servers removed the feature years ago, it’s still alive (and exploitable) in legacy versions.
Write-up: https://appsec.space/posts/aion-housing-exploit/
View full discussion on Hacker News
ID: 45028440Type: storyLast synced: 11/18/2025, 12:08:20 AM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.