Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'CVE-2025-66687 is a directory traversal (path traversal) vulnerability in Doom Launcher version 3.8.1.0. It occurs because the application does not properly validate file paths when extracting game files from RAR archives.'}, {'type': 'paragraph', 'content': 'Specifically, the vulnerability arises during the decompression of RAR files using the SevenZipSharp library, which fails to filter out relative path patterns like "../". This allows an attacker to craft malicious RAR files containing filenames with relative paths that escape the intended extraction directory.'}, {'type': 'paragraph', 'content': "When a user loads such a malicious RAR file, the application extracts files into unintended locations on the file system, such as the Windows Startup folder. Files placed there can execute automatically upon the next system reboot or user login, enabling arbitrary code execution with the current user's privileges."}, {'type': 'paragraph', 'content': 'Exploitation requires user interaction, specifically loading a malicious RAR archive. The issue was fixed in Doom Launcher version 3.8.2.0 by adding validation to block relative paths during extraction.'}] [1, 2]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the current user.

By crafting a malicious RAR archive that exploits the directory traversal flaw, an attacker can place files in sensitive locations such as the Windows Startup folder.

Files placed in the Startup folder will execute automatically when the system reboots or the user logs in, potentially leading to malware execution, unauthorized actions, or system compromise.

The attack requires that you load a malicious RAR file in Doom Launcher, so user interaction is necessary for exploitation.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if Doom Launcher version 3.8.1.0 is extracting files from RAR archives without validating or sanitizing filenames containing relative path sequences like "../".'}, {'type': 'paragraph', 'content': 'One way to detect exploitation attempts is to look for unexpected files placed in sensitive directories such as the Windows Startup folder, especially files that were extracted recently and could have been planted by Doom Launcher.'}, {'type': 'paragraph', 'content': 'Commands to help detect suspicious files or activity include:'}, {'type': 'list_item', 'content': 'On Windows, use PowerShell to find recently created files in the Startup folder: Get-ChildItem "$env:APPDATA\\Microsoft\\Windows\\Start Menu\\Programs\\Startup" | Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-1) }'}, {'type': 'list_item', 'content': 'Search for files with suspicious relative paths inside RAR archives before extraction using tools like 7-Zip or command line utilities to inspect archive contents.'}, {'type': 'list_item', 'content': 'Monitor logs or use file integrity monitoring tools to detect unexpected file creations in user directories related to Doom Launcher.'}] [1, 2]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Doom Launcher to version 3.8.2.0 or later, where the vendor fixed the issue by adding validation to block relative paths during game file loading.

Until the upgrade is applied, avoid loading RAR game files from untrusted or unknown sources to prevent exploitation.

Additionally, implement monitoring for suspicious files in sensitive directories such as the Windows Startup folder and consider restricting write permissions to these directories for the user running Doom Launcher.

Useful 0 Not Useful 0