CVE-2025-66687
Received Received - Intake

Directory Traversal in Doom Launcher 3.8.1.0 Allows File Access

Vulnerability report for CVE-2025-66687, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-16

Last updated on: 2026-03-17

Assigner: MITRE

Description

Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-16
Last Modified
2026-03-17
Generated
2026-07-06
AI Q&A
2026-03-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-66687 is a directory traversal (path traversal) vulnerability in Doom Launcher version 3.8.1.0. It occurs because the application does not properly validate file paths when extracting game files from RAR archives.'}, {'type': 'paragraph', 'content': 'Specifically, the vulnerability arises during the decompression of RAR files using the SevenZipSharp library, which fails to filter out relative path patterns like "../". This allows an attacker to craft malicious RAR files containing filenames with relative paths that escape the intended extraction directory.'}, {'type': 'paragraph', 'content': "When a user loads such a malicious RAR file, the application extracts files into unintended locations on the file system, such as the Windows Startup folder. Files placed there can execute automatically upon the next system reboot or user login, enabling arbitrary code execution with the current user's privileges."}, {'type': 'paragraph', 'content': 'Exploitation requires user interaction, specifically loading a malicious RAR archive. The issue was fixed in Doom Launcher version 3.8.2.0 by adding validation to block relative paths during extraction.'}] [1, 2]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the current user.

By crafting a malicious RAR archive that exploits the directory traversal flaw, an attacker can place files in sensitive locations such as the Windows Startup folder.

Files placed in the Startup folder will execute automatically when the system reboots or the user logs in, potentially leading to malware execution, unauthorized actions, or system compromise.

The attack requires that you load a malicious RAR file in Doom Launcher, so user interaction is necessary for exploitation.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if Doom Launcher version 3.8.1.0 is extracting files from RAR archives without validating or sanitizing filenames containing relative path sequences like "../".'}, {'type': 'paragraph', 'content': 'One way to detect exploitation attempts is to look for unexpected files placed in sensitive directories such as the Windows Startup folder, especially files that were extracted recently and could have been planted by Doom Launcher.'}, {'type': 'paragraph', 'content': 'Commands to help detect suspicious files or activity include:'}, {'type': 'list_item', 'content': 'On Windows, use PowerShell to find recently created files in the Startup folder: Get-ChildItem "$env:APPDATA\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" | Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-1) }'}, {'type': 'list_item', 'content': 'Search for files with suspicious relative paths inside RAR archives before extraction using tools like 7-Zip or command line utilities to inspect archive contents.'}, {'type': 'list_item', 'content': 'Monitor logs or use file integrity monitoring tools to detect unexpected file creations in user directories related to Doom Launcher.'}] [1, 2]

Mitigation Strategies

The immediate mitigation step is to upgrade Doom Launcher to version 3.8.2.0 or later, where the vendor fixed the issue by adding validation to block relative paths during game file loading.

Until the upgrade is applied, avoid loading RAR game files from untrusted or unknown sources to prevent exploitation.

Additionally, implement monitoring for suspicious files in sensitive directories such as the Windows Startup folder and consider restricting write permissions to these directories for the user running Doom Launcher.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66687. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart