CVE-2025-10284

critical

Description

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.

References

https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper

Details

Source: Mitre, NVD

Published: 2025-10-09

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.6

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00188