CVE-2025-14307

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/robo-code/robocode/pull/68	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:robocode:robocode:1.9.3.6:*:*:*:*:*:*:*

History

05 Jan 2026, 16:19

Type	Values Removed	Values Added
First Time		Robocode robocode Robocode
References	~~() https://github.com/robo-code/robocode/pull/68 -~~	() https://github.com/robo-code/robocode/pull/68 - Issue Tracking, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
CPE		cpe:2.3:a:robocode:robocode:1.9.3.6:::::::*

09 Dec 2025, 16:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-09 16:17

Updated : 2026-01-05 16:19

NVD link : CVE-2025-14307

Mitre link : CVE-2025-14307

CVE.ORG link : CVE-2025-14307

JSON object : View

Products Affected

robocode

robocode

CWE

CWE-377

Insecure Temporary File

{"id": "CVE-2025-14307", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 9.3, "Automatable": "YES", "attackVector": "LOCAL", "baseSeverity": "CRITICAL", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-12-09T16:17:38.640", "references": [{"url": "https://github.com/robo-code/robocode/pull/68", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "cve_disclosure@tech.gov.sg"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "description": [{"lang": "en", "value": "CWE-377"}]}], "descriptions": [{"lang": "en", "value": "An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions."}], "lastModified": "2026-01-05T16:19:07.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:robocode:robocode:1.9.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "838ABFF5-2DF6-4A7E-933B-179FB2FC1AE0"}], "operator": "OR"}]}], "sourceIdentifier": "cve_disclosure@tech.gov.sg"}