CVE-2025-10284
Published: 09 October 2025
Description
An adversary may rely upon a user opening a malicious file in order to gain execution.
Security Summary
CVE-2025-10284 is a critical vulnerability (CVSS 9.6, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) in BBOT's unarchive module, published on 2025-10-09. The flaw stems from improper handling of archive files (CWE-22: Path Traversal), allowing malicious archives supplied to the module to perform arbitrary file writes when extracted, which can result in remote code execution.
A remote, unauthenticated attacker can exploit this vulnerability by providing a specially crafted malicious archive file to a target user running BBOT, requiring user interaction such as processing or extracting the archive. Successful exploitation enables arbitrary file writes on the target's system, leading to remote code execution with high impacts on confidentiality, integrity, and availability, along with a change in scope.
The primary advisory from Black Lantern Security, available at https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper, provides further details on the vulnerability, including recommendations for mitigation.
Details
- CWE(s): CWE-22 (Path Traversal)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a path traversal in the unarchive module that allows arbitrary file writes and RCE when a user processes a malicious archive, which maps directly to client-side exploitation (T1203) and user execution of a malicious file (T1204.002).