CVE-2025-14306 · CRITICAL 9.1 · EPSS p54.8%


Description

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.90% probability of exploitation · percentile 54.8% · 2026-06-19T12:03:05Z
Published: 2025-12-09
Last modified: 2026-01-28

Underlying weaknesses · 1

CWE-22

References

  1. https://github.com/robo-code/robocode/pull/67
  2. https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f


Type | Target | Confidence | Tier
Weakness | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (cwe-22) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-14307
  2. CVE-2025-14308
  3. CVE-2026-41551
  4. CVE-2025-57790
  5. CVE-2025-14850
  6. CVE-2025-57285

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.