Platform
python
Component
bbot
Fixed in
2.6.2
2.7.0
CVE-2025-10283 describes a Remote Code Execution (RCE) vulnerability discovered in bbot, specifically within its gitdumper.py script. This vulnerability allows an attacker to execute arbitrary code on a user's system if the user utilizes bbot to scan a malicious webserver. The vulnerability affects versions of bbot up to and including 2.6.1.6915rc0, and a fix is available in version 2.7.0.
The impact of CVE-2025-10283 is severe. An attacker can craft a malicious .git/config or .git/index file and trick a user into having bbot scan a webserver hosting this file. Upon processing the malicious file, gitdumper.py fails to properly sanitize the input, leading to arbitrary file write capabilities. This file write can then be leveraged to execute arbitrary code on the user's system, effectively granting the attacker complete control. This is analogous to vulnerabilities where untrusted data is processed without proper validation, leading to code execution. The blast radius extends to any user utilizing bbot to scan potentially compromised webservers.
CVE-2025-10283 was publicly disclosed on 2025-10-09. Its severity is rated as CRITICAL (CVSS 9.6). There is currently no indication of active exploitation campaigns or KEV listing. Public proof-of-concept (PoC) code is not yet available, but the vulnerability's nature suggests that it is likely to be exploited once a PoC is released.
Security researchers and developers who utilize bbot for web application scanning are at risk. Specifically, those who routinely scan external repositories or webservers without rigorous security controls are particularly vulnerable. Users relying on automated scanning workflows are also at increased risk if they are not actively monitoring bbot's activity.
• linux / server: Monitor file system activity within the bbot installation directory for unexpected file modifications. Use auditd to track access to gitdumper.py and related configuration files.
auditctl -w /path/to/bbot/gitdumper.py -p wa -k bbot_rce
• python: Examine Python scripts for insecure file handling practices. Look for instances where user-supplied data is directly used in file operations without proper sanitization.
• generic web: Monitor web server access logs for requests to unusual file extensions or patterns that might indicate an attempt to deliver a malicious .git/config or .git/index file.
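As an added illustration of the insecure-file-handling pattern the python bullet refers to (example code, not bbot's own gitdumper.py; the index paths below are constructed), this is the kind of check a git dumper can apply so that file names taken from a fetched .git/index can never resolve to a location outside the chosen output directory:

```python
from pathlib import Path, PurePosixPath

def is_safe_dump_path(output_dir: str, entry_path: str) -> bool:
    """Return True only if entry_path (a name read from an untrusted
    .git/index) resolves to a file strictly inside output_dir."""
    # Empty names and embedded NUL bytes are never legitimate index entries.
    if not entry_path or "\x00" in entry_path:
        return False
    rel = PurePosixPath(entry_path)
    # Reject absolute paths and any '..' component outright; even a '..'
    # that stays inside the tree is not something a dumper needs to honour.
    if rel.is_absolute() or ".." in rel.parts:
        return False
    root = Path(output_dir).resolve()
    # resolve() also follows symlinks that may already exist under root.
    target = root.joinpath(*rel.parts).resolve()
    # The file must sit below root; root itself ('.') is not a valid target.
    return root in target.parents

def filter_safe_entries(output_dir: str, entries):
    """Split untrusted index paths into (kept, rejected) lists."""
    kept, rejected = [], []
    for entry in entries:
        (kept if is_safe_dump_path(output_dir, entry) else rejected).append(entry)
    return kept, rejected

# Constructed sample of what an index served by a hostile server might list.
SAMPLE_INDEX_PATHS = [
    "README.md",
    "src/app.py",
    "../../../home/user/.ssh/authorized_keys",  # traversal out of the dump dir
    "/etc/cron.d/task",                         # absolute path
    "hooks/../../.bashrc",                      # traversal hidden behind a subdir
    "ok/../fine.txt",                           # stays inside, but '..' is refused
]

if __name__ == "__main__":
    kept, rejected = filter_safe_entries("/tmp/dump", SAMPLE_INDEX_PATHS)
    print("kept:", kept)
    print("rejected:", rejected)
```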
Disclosure
Exploit status
EPSS
0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-10283 is to upgrade bbot to version 2.7.0 or later, which contains the necessary fix. If an immediate upgrade is not feasible, consider temporarily restricting bbot's access to external repositories or webservers. Carefully review the source code of any repositories scanned by bbot for suspicious modifications. While a WAF or proxy cannot directly prevent this vulnerability, they can be configured to monitor for unusual file write activity or suspicious network traffic associated with bbot's execution. No specific Sigma or YARA rules are readily available, but monitoring file system changes within the bbot installation directory is recommended.
Update the bbot package to a version later than 2.6.1. This can be done with the pip package manager by running the command `pip install --upgrade bbot`. Make sure to verify that the update was successful.
CVE-2025-10283 is a CRITICAL Remote Code Execution vulnerability in bbot's gitdumper.py script, allowing attackers to execute code on a user's system by exploiting insufficient sanitization of .git/config or .git/index files.
You are affected if you are using bbot version 2.6.1.6915rc0 or earlier. If you use bbot to scan external webservers, you are at higher risk.
Upgrade bbot to version 2.7.0 or later to resolve this vulnerability. If an upgrade is not immediately possible, restrict bbot's access to external repositories.
There is currently no confirmed evidence of active exploitation, but the vulnerability's severity suggests it is likely to be targeted once a public proof-of-concept is available.
Refer to the bbot project's official website or GitHub repository for the latest security advisories and updates related to CVE-2025-10283.