Improper Archive Extraction in unarchive Enables RCE_CVE-2025-10284

9.6 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Description

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.

Basic Information

ID CVE-2025-10284

Source BLSOPS

Published Oct 9, 2025 at 15:46

Modified Oct 9, 2025 at 15:55

Affected Product

Vendor BLSOPS, LLC

Product bbot

Version 0.0.0

Affected Versions BLSOPS, LLC bbot 0.0.0

CWE Classification

CWE-22

References

blog.blacklanternsecurity.com /p/bbot-security-advisory-gitdumper

{
    "lastseen": "",
    "description": "BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.",
    "published": "2025-10-09T15:46:14.738Z",
    "modified": "2025-10-09T15:55:20.518Z",
    "type": "cve",
    "title": "Improper Archive Extraction in unarchive Enables RCE",
    "source": "BLSOPS",
    "references": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper",
    "id": "CVE-2025-10284",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "BLSOPS, LLC bbot 0.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.6,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "bbot",
    "version": "0.0.0",
    "vendor": "BLSOPS, LLC",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}