Home > Vulnerability Database > CVE-2025-10284

Mend.io Vulnerability Database

CVE-2025-10284

Good to know:

Date: October 9, 2025

BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.

Severity Score

9.6

Related Resources (6)

Url: https://github.com/blacklanternsecurity/bbot/commit/6325f2f4f8f6f4545703e4c9b8004e69f71bec82

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-10284

Url: https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper

Url: https://github.com/blacklanternsecurity/bbot

Url: https://github.com/blacklanternsecurity/bbot/security/advisories/GHSA-fhw8-8v9p-7jp7

Url: https://www.mend.io/vulnerability-database/CVE-2025-10284

Severity Score

9.6

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Top Fix

Upgrade Version

Upgrade to version bbot - 2.7.0

Learn More

CVSS v3.1

Base Score:	9.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-10284

Good to know:

Date: October 9, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?