GHSA-2mxr-rc97-xrj2

Source

https://github.com/advisories/GHSA-2mxr-rc97-xrj2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mxr-rc97-xrj2/GHSA-2mxr-rc97-xrj2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2mxr-rc97-xrj2

Aliases

CVE-2025-14307

Published

2025-12-09T18:30:35Z

Modified

2025-12-10T00:41:16.067577Z

Severity

9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red CVSS Calculator

Summary

Robocode has an insecure temporary file creation vulnerability in the AutoExtract component

Details

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-377"
    ],
    "nvd_published_at": "2025-12-09T16:17:38Z",
    "severity": "CRITICAL",
    "github_reviewed_at": "2025-12-10T00:02:37Z"
}

References

Affected packages

Maven / net.sf.robocode:robocode.battle

Package

Name: net.sf.robocode:robocode.battle; View open source insights on deps.dev
Purl: pkg:maven/net.sf.robocode/robocode.battle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.5.6

Affected versions

1.*

1.9.4.0

1.9.4.1

1.9.4.2

1.9.4.3

1.9.4.5

1.9.4.6

1.9.4.7

1.9.4.8

1.9.5.0

1.9.5.1

1.9.5.2

1.9.5.3

1.9.5.4

1.9.5.5

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/12/GHSA-2mxr-rc97-xrj2/GHSA-2mxr-rc97-xrj2.json"