UBUNTU-CVE-2025-14307

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2025-14307

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14307.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-14307

Upstream

CVE-2025-14307

Published

2025-12-09T16:17:00Z

Modified

2026-01-20T18:16:03.183428Z

Severity

9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red CVSS Calculator
8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

References

Affected packages

Ubuntu:16.04:LTS

robocode

Package

Name: robocode
Purl: pkg:deb/ubuntu/robocode@1.9.2.5-2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.2.4-2

1.9.2.5-1

1.9.2.5-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "robocode",
            "binary_version": "1.9.2.5-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14307.json"

Ubuntu:18.04:LTS

robocode

Package

Name: robocode
Purl: pkg:deb/ubuntu/robocode@1.9.3.1-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.2.6-3

1.9.3.1-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "robocode",
            "binary_version": "1.9.3.1-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14307.json"

Ubuntu:20.04:LTS

robocode

Package

Name: robocode
Purl: pkg:deb/ubuntu/robocode@1.9.3.7-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.3.5-1

1.9.3.7-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "robocode",
            "binary_version": "1.9.3.7-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14307.json"

Ubuntu:22.04:LTS

robocode

Package

Name: robocode
Purl: pkg:deb/ubuntu/robocode@1.9.3.9-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.3.9-2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "robocode",
            "binary_version": "1.9.3.9-2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14307.json"

Ubuntu:24.04:LTS

robocode

Package

Name: robocode
Purl: pkg:deb/ubuntu/robocode@1.9.3.9-3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.3.9-3

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "robocode",
            "binary_version": "1.9.3.9-3"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14307.json"

Ubuntu:25.10

robocode

Package

Name: robocode
Purl: pkg:deb/ubuntu/robocode@1.9.3.9-4?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.3.9-4

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "robocode",
            "binary_version": "1.9.3.9-4"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-14307.json"