GHSA-fhw8-8v9p-7jp7

Published: 09 Oct 2025
Source: github
Github: Reviewed
CVSS3: 9.6

Description

BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

Summary

Various issues in bbot's unarchive.py allow a malicious site to cause bbot to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution (RCE).

Impact

A user who uses bbot to scan a malicious webserver may have arbitrary code executed on their system.

Packages

Name: bbot (pip)
Affected versions: < 2.7.0
Fixed version: 2.7.0

EPSS

Percentile: 49%
0.00256
Low

9.6 Critical

CVSS3

Weaknesses

CWE-22

Related vulnerabilities

CVSS3: 9.6
nvd
4 months ago

BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution.
