CVE-2025-14307
Published 2025-12-09
Priority P3 · 51 · high · 8.1 · CVSS 3.1
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.28% (19.4th percentile)
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | robocode | — | — |
| robocode | robocode | — | — |
| robocode_project | robocode | — | — |
| ubuntu | robocode | — | — |
CVSS provenance
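| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red |
| osv | — | 9.3 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.3 | CRITICAL | — |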
Ubuntu
Robocode vulnerabilities
vendor_ubuntu·2026-06-04·CVSS 9.8
CVE-2025-14307 [CRITICAL] Robocode vulnerabilities
Title: Robocode vulnerabilities
Summary: Several security issues were fixed in Robocode.
It was discovered that Robocode could be tricked into making network
requests to attacker-controlled systems. An attacker could possibly use
this issue to cause external service interaction, resulting in
information disclosure. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-10648)
Lim Sim Yee discovered that Robocode did not properly validate file
paths in the CacheCleaner component. An attacker could possibly use this
issue to delete arbitrary files. (CVE-2025-14306)
Lim Sim Yee discovered that Robocode did not securely create temporary
files in the AutoExtract component. An attacker could possibly use this
issue to manipulate temporary files, resulting in arbitrary code
Debian
CVE-2025-14307: robocode - An insecure temporary file creation vulnerability exists in the AutoExtract comp...
vendor_debian·2025·CVSS 9.3
CVE-2025-14307 [CRITICAL] CVE-2025-14307: robocode - An insecure temporary file creation vulnerability exists in the AutoExtract comp...
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
OSV
CVE-2025-14307: An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1
osv·2025-12-09·CVSS 9.3
CVE-2025-14307 [CRITICAL] CVE-2025-14307: An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
OSV
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
osv·2025-12-09
CVE-2025-14307 [CRITICAL] Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
GHSA
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
ghsa·2025-12-09
CVE-2025-14307 [CRITICAL] CWE-377 Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
No detection rules found.
No public exploits indexed.
Published: 2025-12-09