CVE-2025-14307

HIGH8.1EPSS 0.06%

Robocode has an insecure temporary file creation vulnerability in the AutoExtract component

Published: 12/9/2025Modified: 12/10/2025

Description

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

Affected packages (2)

Debian/robocodefrom 0
Maven/net.sf.robocode:robocode.battlefrom 0, < 1.9.5.6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-14307
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-14307
PATCHhttps://github.com/robo-code/robocode
WEBhttps://github.com/robo-code/robocode/commit/9f882bba2a9cd91da57c16b98699f8cc9b354f3a
WEBhttps://github.com/robo-code/robocode/pull/68