Platform: java
Component: net.sf.robocode:robocode.core
Fixed in: 1.9.4, 1.9.5.6
CVE-2025-14306 is a critical directory traversal vulnerability in Robocode Core, specifically in the CacheCleaner component. The flaw allows an attacker to delete arbitrary files on the system by supplying manipulated file paths. It affects Robocode Core versions up to and including 1.9.5.5; a fix is available in version 1.9.5.6.
The impact of this vulnerability is significant. An attacker who successfully exploits CVE-2025-14306 can delete files without authorization on the system where Robocode Core is running, which can lead to data loss, system instability, or denial of service. The root cause is the recursiveDelete method's failure to sanitize file paths, which lets an attacker bypass the intended path restrictions. The extent of the damage depends on the permissions granted to the Robocode process and the sensitivity of the files it can reach. While Robocode is primarily a programming education tool, its use in automated trading or other sensitive contexts could amplify the impact significantly.
CVE-2025-14306 was published on 2025-12-09. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed. The CVSS score of 9.5 indicates a critical severity, warranting immediate attention.
Exploit Status
EPSS: 0.58% (69th percentile)
CISA SSVC
The primary mitigation for CVE-2025-14306 is to upgrade Robocode Core to version 1.9.5.6 or later. If upgrading is not immediately feasible, consider restricting the permissions of the Robocode process to minimize the potential damage from unauthorized file deletions. While a direct WAF rule is unlikely to be effective due to the nature of the vulnerability, monitoring file system activity for unexpected deletions originating from the Robocode process can provide an early warning. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring for unusual file deletion patterns within the Robocode directory is recommended.
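The advisory attributes the flaw to a recursive delete routine that does not confine its target to the cache directory. The following is an added example, not Robocode's own code, of how such a routine is contained: the class name ContainedCacheCleaner, the method safeRecursiveDelete and the temporary directory layout in main are assumptions for illustration. The check canonicalizes the cache root, normalizes the requested path, and refuses anything that does not remain under the root; symbolic links inside the cache are deleted as links rather than followed, so a link pointing outside the cache cannot widen the deletion.

```java
import java.io.IOException;
import java.nio.file.FileVisitResult;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;

/**
 * Added example (not Robocode's code): a cache cleaner whose delete routine
 * refuses any target that resolves outside the cache root. Names and layout
 * are assumptions chosen for illustration.
 */
public final class ContainedCacheCleaner {

    private final Path cacheRoot;

    public ContainedCacheCleaner(Path cacheRoot) throws IOException {
        // toRealPath() resolves symlinks so the containment check compares canonical paths.
        this.cacheRoot = cacheRoot.toRealPath();
    }

    /**
     * Resolve an untrusted cache entry name against the cache root and delete it,
     * but only if the normalized result still lies under the root.
     * Returns true if something was deleted, false if the entry did not exist.
     * Throws SecurityException for any name that escapes the root (e.g. "../../etc").
     */
    public boolean safeRecursiveDelete(String untrustedName) throws IOException {
        Path candidate = cacheRoot.resolve(untrustedName).normalize();
        // Check 1: lexical containment after normalize() has collapsed "." and ".." segments.
        if (!candidate.startsWith(cacheRoot)) {
            throw new SecurityException("refusing to delete outside cache root: " + untrustedName);
        }
        if (!Files.exists(candidate, LinkOption.NOFOLLOW_LINKS)) {
            return false;
        }
        // Check 2: a symlink placed inside the cache could point outside it;
        // remove the link itself instead of following it.
        if (Files.isSymbolicLink(candidate)) {
            Files.delete(candidate);
            return true;
        }
        // walkFileTree does not follow links unless FOLLOW_LINKS is passed, so links
        // deeper in the tree are visited as files and deleted as links.
        Files.walkFileTree(candidate, new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException {
                Files.delete(file);
                return FileVisitResult.CONTINUE;
            }

            @Override
            public FileVisitResult postVisitDirectory(Path dir, IOException exc) throws IOException {
                if (exc != null) {
                    throw exc;
                }
                Files.delete(dir);
                return FileVisitResult.CONTINUE;
            }
        });
        return true;
    }

    public static void main(String[] args) throws IOException {
        // Constructed scenario: a temporary cache root with one entry, plus a sibling
        // directory that a traversal string such as "../important" would try to reach.
        Path base = Files.createTempDirectory("cache-cleaner-demo");
        Path cache = Files.createDirectory(base.resolve("cache"));
        Path sibling = Files.createDirectory(base.resolve("important"));
        Files.writeString(cache.resolve("entry.bin"), "cached data");
        Files.writeString(sibling.resolve("keep.txt"), "must survive");

        ContainedCacheCleaner cleaner = new ContainedCacheCleaner(cache);
        System.out.println("deleted entry.bin: " + cleaner.safeRecursiveDelete("entry.bin"));

        try {
            cleaner.safeRecursiveDelete("../important");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("keep.txt still exists: " + Files.exists(sibling.resolve("keep.txt")));
    }
}
```

The containment test must run on the normalized path, not on the raw string: a prefix check on the string would accept "cache/../important", while normalize() collapses it to "important", which no longer starts with the root. Canonicalizing the root with toRealPath() matters on systems where the cache directory itself sits behind a symlink, since otherwise the two sides of startsWith() would be spelled differently and every legitimate entry would be rejected.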
Update Robocode to a version later than 1.9.3.6 that fixes the directory traversal vulnerability. Check the project repository or the official website for the latest version and update instructions.
CVE-2025-14306 is a critical directory traversal vulnerability in Robocode Core versions up to 1.9.5.5, allowing attackers to delete files.
You are affected if you are using Robocode Core version 1.9.5.5 or earlier. Upgrade to 1.9.5.6 to resolve the issue.
Upgrade Robocode Core to version 1.9.5.6 or later. Restrict Robocode process permissions as a temporary workaround.
There is currently no evidence of active exploitation, but the vulnerability's severity warrants immediate action.
Refer to the Robocode project's official website and release notes for the latest advisory regarding CVE-2025-14306.