Platform: python
Component: bbot
Fixed in: 2.6.2, 2.7.0
CVE-2025-10283 describes a Remote Code Execution (RCE) vulnerability discovered in bbot, specifically within its gitdumper.py script. This vulnerability allows an attacker to execute arbitrary code on a user's system if the user utilizes bbot to scan a malicious webserver. The vulnerability affects versions of bbot up to and including 2.6.1.6915rc0, and a fix is available in version 2.7.0.
The impact of CVE-2025-10283 is severe. An attacker can craft a malicious .git/config or .git/index file and trick a user into having bbot scan a webserver hosting this file. Upon processing the malicious file, gitdumper.py fails to properly sanitize the input, leading to arbitrary file write capabilities. This file write can then be leveraged to execute arbitrary code on the user's system, effectively granting the attacker complete control. This is analogous to vulnerabilities where untrusted data is processed without proper validation, leading to code execution. The blast radius extends to any user utilizing bbot to scan potentially compromised webservers.
CVE-2025-10283 was publicly disclosed on 2025-10-09. Its severity is rated as CRITICAL (CVSS 9.6). There is currently no indication of active exploitation campaigns or KEV listing. Public proof-of-concept (PoC) code is not yet available, but the vulnerability's nature suggests that it is likely to be exploited once a PoC is released.
Security researchers and developers who utilize bbot for web application scanning are at risk. Specifically, those who routinely scan external repositories or webservers without rigorous security controls are particularly vulnerable. Users relying on automated scanning workflows are also at increased risk if they are not actively monitoring bbot's activity.
• linux / server: Monitor file system activity within the bbot installation directory for unexpected file modifications. Use auditd to track access to gitdumper.py and related configuration files:
  `auditctl -w /path/to/bbot/gitdumper.py -p wa -k bbot_rce`
• python: Examine Python scripts for insecure file handling practices. Look for instances where user-supplied data is directly used in file operations without proper sanitization.
• generic web: Monitor web server access logs for requests to unusual file extensions or patterns that might indicate an attempt to deliver a malicious .git/config or .git/index file.
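The "python" item above describes the root cause in general terms: a file name taken from untrusted input is passed straight to a file operation. The example below is added here to show what the missing check looks like; it is not bbot's code and not the project's actual fix. It assumes a dumper that reads entry names from a remote .git/index (the names in SAMPLE_ENTRIES are constructed) and must write them only beneath a chosen output directory.

```python
"""Added example (not bbot's code): validate untrusted repository paths
before writing them to disk.

A git dumper writes files whose names come from a remote .git/index. If those
names are used directly in open(), an entry containing ".." or an absolute
path escapes the output directory. The check below resolves every candidate
path and refuses anything that does not stay inside the destination root.
"""
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when an entry would resolve outside the destination root."""


def safe_destination(root, entry):
    """Return the absolute path for `entry` under `root`, or raise.

    `root`  - directory the dump is allowed to write into
    `entry` - file name as read from the untrusted index (str)
    """
    root_resolved = Path(root).resolve()
    # Reject empty names, NUL bytes and absolute paths outright.
    if not entry or "\x00" in entry or Path(entry).is_absolute():
        raise UnsafePathError(entry)
    # Reject any ".." component before touching the filesystem.
    if ".." in Path(entry).parts:
        raise UnsafePathError(entry)
    candidate = (root_resolved / entry).resolve()
    # resolve() follows symlinks, so a pre-existing symlink inside root
    # that points outside the root is caught here as well.
    if root_resolved != candidate and root_resolved not in candidate.parents:
        raise UnsafePathError(entry)
    return candidate


def filter_entries(root, entries):
    """Split untrusted index entries into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for name in entries:
        try:
            safe_destination(root, name)
            accepted.append(name)
        except UnsafePathError:
            rejected.append(name)
    return accepted, rejected


# Constructed sample entries, as a hostile .git/index might list them.
SAMPLE_ENTRIES = [
    "README.md",
    "src/app/main.py",
    "../../.ssh/authorized_keys",
    "/etc/cron.d/job",
    "docs/../../escape.txt",
    "notes\x00.txt",
]

if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        ok, bad = filter_entries(tmp, SAMPLE_ENTRIES)
        print("accepted:", ok)
        print("rejected:", bad)
```

The important design point is that the check runs on the resolved path, not on the raw string: string-level filtering of "../" alone misses absolute paths and symlinks, while `Path.resolve()` gives the location the write would actually land on. Every write in a dumper should go through a function like `safe_destination` rather than through `open(os.path.join(root, name))`.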
Disclosure
Exploit status
EPSS: 0.06% (19th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-10283 is to upgrade bbot to version 2.7.0 or later, which contains the necessary fix. If an immediate upgrade is not feasible, consider temporarily restricting bbot's access to external repositories or webservers. Carefully review the source code of any repositories scanned by bbot for suspicious modifications. While a WAF or proxy cannot directly prevent this vulnerability, they can be configured to monitor for unusual file write activity or suspicious network traffic associated with bbot's execution. No specific Sigma or YARA rules are readily available, but monitoring file system changes within the bbot installation directory is recommended.
Update the bbot package to a version later than 2.6.1. This can be done with the pip package manager by running: `pip install --upgrade bbot`. Be sure to verify that the update was applied correctly.
CVE-2025-10283 is a CRITICAL Remote Code Execution vulnerability in bbot's gitdumper.py script, allowing attackers to execute code on a user's system by exploiting insufficient sanitization of .git/config or .git/index files.
You are affected if you are using bbot version 2.6.1.6915rc0 or earlier. If you use bbot to scan external webservers, you are at higher risk.
Upgrade bbot to version 2.7.0 or later to resolve this vulnerability. If an upgrade is not immediately possible, restrict bbot's access to external repositories.
There is currently no confirmed evidence of active exploitation, but the vulnerability's severity suggests it is likely to be targeted once a public proof-of-concept is available.
Refer to the bbot project's official website or GitHub repository for the latest security advisories and updates related to CVE-2025-10283.