CVE-2025-14306

CRITICAL EPSS 55.1%

Published Dec 9, 20256mo ago · Modified Jun 17, 20261w ago

10.0 CVSS 4.0

Critical

Published Dec 9, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

Description

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/

CVSS Details

Base Score

10.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

55.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

Vendor	Product	Version	Range
robocode	robocode	1.9.3.6	any

References 2

github.com https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f
github.com https://github.com/robo-code/robocode/pull/67

Issue TrackingVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.