CVE-2025-10284 · CRITICAL 9.6 · EPSS p41.3%


Description

BBOT's unarchive module could be abused by supplying malicious archive files which, when extracted, can perform an arbitrary file write, resulting in remote code execution.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.55% probability of exploitation · percentile 41.3% · 2026-06-18T12:00:27Z
Published: 2025-10-09
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-22

References

  1. https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper


Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-10283
  2. CVE-2025-62630
  3. CVE-2025-29902
  4. CVE-2025-30023
  5. CVE-2025-12556
  6. CVE-2025-59171

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.