CVE-2025-14306

CRITICAL9.1EPSS 0.64%

Robocode vulnerable to Directory Traversal in recursivelyDelete Method

發布日:2025/12/9修改日:2026/6/2

描述

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/

受影響套件(2)

Debian/robocodefrom 0
Maven/net.sf.robocode:robocode.corefrom 0, < 1.9.5.6

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red
osv	CVSS 3.1	CRITICAL9.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-14306
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-14306
PATCHhttps://github.com/robo-code/robocode
WEBhttps://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f
WEBhttps://github.com/robo-code/robocode/pull/67