{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-14306","assignerOrgId":"1a37b84a-8e51-4525-b3d6-87e2fae01dbd","state":"PUBLISHED","assignerShortName":"GovTech CSG","dateReserved":"2025-12-09T07:11:42.252Z","datePublished":"2025-12-09T07:19:29.686Z","dateUpdated":"2026-01-28T19:46:04.687Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://robocode.sourceforge.io/","defaultStatus":"unknown","modules":["CacheCleaner"],"packageName":"robocode","platforms":["Windows","MacOS","Linux"],"product":"Robocode","programFiles":["src/main/java/net/sf/robocode/security/CacheCleaner.java"],"programRoutines":[{"name":"recursivelyDelete()"}],"repo":"https://github.com/robo-code/robocode","vendor":"Robocode Project","versions":[{"status":"affected","version":"1.9.3.6","versionType":"semver"}]}],"credits":[{"lang":"en","type":"reporter","value":"titancaproject@gmail.com"}],"datePublic":"2025-05-10T13:56:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A directory traversal vulnerability exists in the <code>CacheCleaner</code> component of Robocode version 1.9.3.6. The <code>recursivelyDelete</code> method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions.<a target=\"_blank\" rel=\"nofollow\" href=\"https://robo-code.blogspot.com/?utm_source=chatgpt.com\"></a>"}],"value":"A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions.  https://robo-code.blogspot.com/"}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]},{"capecId":"CAPEC-137","descriptions":[{"lang":"en","value":"CAPEC-137 Parameter Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"YES","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":10,"baseSeverity":"CRITICAL","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"RED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"1a37b84a-8e51-4525-b3d6-87e2fae01dbd","shortName":"GovTech CSG","dateUpdated":"2025-12-09T07:19:29.686Z"},"references":[{"url":"https://github.com/robo-code/robocode/pull/67"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Fixed in commit 836c846 on 13/05/2025<br>"}],"value":"Fixed in commit 836c846 on 13/05/2025"}],"source":{"discovery":"UNKNOWN"},"tags":["x_directory_traversal","x_file_deletion","x_security_vulnerability"],"title":"Directory Traversal in Robocode's CacheCleaner Component","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-09T14:52:06.064345Z","id":"CVE-2025-14306","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-09T14:52:09.816Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-01-28T19:46:04.687Z"},"references":[{"url":"https://github.com/robo-code/robocode/commit/26b6ba8ed5b2a11a646ce2d5da8d42cd53574b1f"}],"title":"CVE Program Container","x_generator":{"engine":"ADPogram 0.0.1"}}]}}