CVE-2025-53632
CRITICAL 9.1 | EPSS 0.19%
Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive
Description
### Impact

When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation requires neither authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable, as it is **highly** recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so that no users can reach the system.

### Patches

A patch has been implemented by [commit `47d188f`](https://github.com/ctfer-io/chall-manager/commit/47d188fda5e3f86285e820f12ad9fb6f9930662c) and shipped in [`v0.1.4`](https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4).

### Workarounds

No workaround exists.

### References

N/A.
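The missing check described under Impact, as an added example: this is not the project's patch from commit `47d188f`, only one way to validate entry names before anything is written. The function names, entry names and the `/tmp/scenario` destination are constructed for illustration, and `filepath.IsLocal` assumes Go 1.20 or later.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"path/filepath"
)

// resolveEntries maps every entry of a zip archive to its target path below
// dest. It rejects the whole archive if any name is absolute or climbs out
// with "..", so a caller writes nothing until all names are known to be safe.
func resolveEntries(archive []byte, dest string) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(archive), int64(len(archive)))
	if err != nil {
		return nil, err
	}
	var targets []string
	for _, f := range zr.File {
		name := filepath.FromSlash(f.Name) // zip names always use "/"
		if !filepath.IsLocal(name) {
			return nil, fmt.Errorf("unsafe entry name %q", f.Name)
		}
		targets = append(targets, filepath.Join(dest, name))
	}
	return targets, nil
}

// sampleZip builds a constructed in-memory archive with the given entry names.
func sampleZip(names ...string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, n := range names {
		w, _ := zw.Create(n) // the writer does not validate names
		w.Write([]byte("constructed content"))
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	for _, names := range [][]string{
		{"challenge/config.yaml", "challenge/run.sh"}, // well-formed scenario
		{"challenge/config.yaml", "../../outside.txt"}, // zip slip entry
	} {
		targets, err := resolveEntries(sampleZip(names...), "/tmp/scenario")
		fmt.Println(targets, err)
	}
}
```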
Affected packages (2)
- Go / github.com/ctfer-io/chall-manager: from 0, < 0.1.4
- Go / github.com/ctfer-io/chall-manager: from 0, < 0.1.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
References (5)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2025-53632
- PATCH: https://github.com/ctfer-io/chall-manager
- WEB: https://github.com/ctfer-io/chall-manager/commit/47d188fda5e3f86285e820f12ad9fb6f9930662c
- WEB: https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4
- WEB: https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-3gv2-v3jx-r9fh