CVE-2025-14306

Опубликовано: 09 дек. 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/

Ссылки

https://github.com/robo-code/robocode/pull/67
Issue Tracking
Vendor Advisory
https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:robocode:robocode:1.9.3.6:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.0056

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

CVE-2025-14306

CVSS3: 9.1

ubuntu

2 месяца назад

CVE-2025-14306

CVSS3: 9.1

debian

2 месяца назад

A directory traversal vulnerability exists in the CacheCleaner compone ...

GHSA-j8r2-47rx-qhw4

github

около 2 месяцев назад

Robocode vulnerable to Directory Traversal in recursivelyDelete Method

EPSS

Процентиль: 68%

0.0056

Низкий

9.1 Critical

CVSS3

Дефекты

CWE-22