CVE-2025-14307 | THREATINT

Description

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

PUBLISHED Reserved 2025-12-09 | Published 2025-12-09 | Updated 2025-12-09 | Assigner GovTech CSG

CRITICAL: 9.3CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red

Problem types

CWE-377

Product status

Default status

unaffected

1.9.3.6 (semver)

affected

Credits

titancaproject@gmail.com reporter

References

github.com/robo-code/robocode/pull/68

cve.org (CVE-2025-14307)

nvd.nist.gov (CVE-2025-14307)

Download JSON