CVE-2025-14307
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| robocode | robocode | 1.9.3.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-377 | Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an insecure temporary file creation issue in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method does not securely create temporary files, which allows attackers to exploit race conditions. This can lead to attackers executing arbitrary code or overwriting critical files by manipulating how temporary files are created.
How can this vulnerability impact me?
The vulnerability can allow attackers to execute arbitrary code or overwrite critical files on the affected system. This can lead to unauthorized actions, potentially compromising system integrity, confidentiality, and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking the Robocode version and inspecting the usage of the createTempFile() method in the RecordManager class to see if it lacks proper privilege management. Since the vulnerability is due to insecure temporary file creation without using AccessController.doPrivileged(), you can review the source code or binaries for this pattern. There are no specific network detection commands provided. For system inspection, you might use commands to check the Robocode version (e.g., checking the installed package version) and review logs for suspicious file creation or modification events related to temporary files. However, no explicit commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves updating Robocode to a version that includes the fix, which wraps the temporary file creation logic within an AccessController.doPrivileged() block to enforce correct privilege checks. If updating is not immediately possible, review and modify the createTempFile() method in the RecordManager class to ensure it uses AccessController.doPrivileged() for file operations. Additionally, monitor and restrict permissions related to temporary file creation to reduce the risk of exploitation. [1]
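As an added illustration of the CWE-377 pattern discussed in the answers above, the Java example below contrasts a predictable, check-then-create temporary file with one that is created atomically with owner-only permissions. It is not Robocode's code and not the project's fix (which this page describes as wrapping the creation logic in AccessController.doPrivileged()); the class, method and file names are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.*;

// Added illustration of CWE-377. Not Robocode code; all names are hypothetical.
public class TempFileDemo {
    static final boolean POSIX =
        FileSystems.getDefault().supportedFileAttributeViews().contains("posix");

    // Weak (shown for contrast, not called): fixed name in the shared temp directory.
    // The path is guessable, the exists()/write() pair is not atomic, write() follows
    // whatever is at the path by then, and permissions come from the process umask.
    static Path weakTemp(byte[] data) throws IOException {
        Path p = Paths.get(System.getProperty("java.io.tmpdir"), "demo-record.tmp");
        if (!Files.exists(p)) {
            Files.write(p, data);
        }
        return p;
    }

    // Hardened: unpredictable name, atomic exclusive creation (an existing path is
    // never reused), owner-only permissions applied at creation time on POSIX.
    static Path safeTemp(byte[] data) throws IOException {
        FileAttribute<?>[] attrs = POSIX
            ? new FileAttribute<?>[] { PosixFilePermissions.asFileAttribute(
                  PosixFilePermissions.fromString("rw-------")) }
            : new FileAttribute<?>[0];
        Path p = Files.createTempFile("demo-record-", ".tmp", attrs);
        // The file already exists and belongs to us: open it without CREATE.
        Files.write(p, data, StandardOpenOption.WRITE, StandardOpenOption.TRUNCATE_EXISTING);
        return p;
    }

    public static void main(String[] args) throws IOException {
        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        Path safe = safeTemp(data);
        try {
            String perms = POSIX
                ? PosixFilePermissions.toString(Files.getPosixFilePermissions(safe)) : "n/a";
            System.out.println(safe + " perms=" + perms);
        } finally {
            Files.deleteIfExists(safe);
        }
    }
}
```

When reviewing code for this weakness class, the markers to look for are a fixed or derivable file name in a shared directory and a separate existence check before the write.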