Platform
python
Component
bbot
Fixed in
2.6.2
2.7.0
CVE-2025-10284 describes a Remote Code Execution (RCE) vulnerability found in the unarchive.py script within bbot. This flaw allows a malicious website to manipulate bbot into writing arbitrary files to any location on a user's system. The vulnerability impacts versions of bbot up to and including 2.6.1.6915rc0. A fix is available in version 2.7.0.
The primary impact of CVE-2025-10284 is Remote Code Execution. An attacker controlling a malicious website can exploit this vulnerability by crafting a specific request that triggers the unarchive.py script to write files outside of its intended directory. This allows the attacker to execute arbitrary code on the user's system, effectively gaining control. The blast radius extends to any user who uses bbot to scan websites, particularly if they are unaware of the malicious nature of the target site. This vulnerability shares similarities with other file manipulation vulnerabilities in which improper input validation leads to arbitrary file writes and subsequent code execution.
CVE-2025-10284 was publicly disclosed on 2025-10-09. The vulnerability's severity is considered CRITICAL due to the potential for Remote Code Execution. There are currently no known public proof-of-concept exploits available, but the ease of exploitation makes it a likely target. It is not currently listed on the CISA KEV catalog.
Users who rely on bbot for website scanning, particularly those who frequently scan websites from untrusted sources, are at significant risk. Individuals using older, unpatched versions of bbot (≤2.6.1.6915rc0) are especially vulnerable. Those running bbot in automated environments or as part of a CI/CD pipeline are also at increased risk.
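As an added illustration (not bbot's code and not the project's actual fix), the following Python shows the containment check that prevents the class of flaw described above: every archive member's resolved on-disk path, including link targets, must stay inside the extraction directory before anything is written. The destination path and the sample archives are constructed for this example.

```python
import io
import os
import tarfile

def safe_members(tar, dest):
    """Yield members whose final path stays inside dest; reject names that
    escape via '..' or absolute paths and links resolving outside dest.
    Illustrative check for the advisory's file-write class, not bbot's code."""
    dest_real = os.path.realpath(dest)
    for m in tar.getmembers():
        target = os.path.realpath(os.path.join(dest_real, m.name))
        if os.path.commonpath([dest_real, target]) != dest_real:
            raise ValueError(f"member escapes destination: {m.name!r}")
        if m.issym() or m.islnk():
            # symlink targets resolve from the member's directory, hardlinks from the root
            base = os.path.dirname(target) if m.issym() else dest_real
            link = os.path.realpath(os.path.join(base, m.linkname))
            if os.path.commonpath([dest_real, link]) != dest_real:
                raise ValueError(f"link escapes destination: {m.name!r}")
        yield m

def check_archive(archive_bytes, dest):
    """True if every member is safe to extract into dest, else False."""
    try:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
            list(safe_members(tar, dest))
        return True
    except ValueError:
        return False

def extract_safely(archive_bytes, dest):
    """Validate all members before writing anything, then extract."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        members = list(safe_members(tar, dest))  # raises before any write
        tar.extractall(dest, members=members)
        return [m.name for m in members]

def build_tar(entries):
    """Build a constructed tar archive from {name: bytes} for testing."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed samples; DEST is a hypothetical extraction directory.
DEST = "/tmp/bbot_unarchive_demo"
SAFE_ARCHIVE = build_tar({"site/index.html": b"<html></html>"})
TRAVERSAL_ARCHIVE = build_tar({"../../outside.txt": b"escaped"})
```

Validation runs over the whole member list before extraction starts, so a single escaping entry rejects the archive without leaving partial writes behind.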
• python / supply-chain:
import subprocess

# Query the installed bbot version; all releases up to and including 2.6.1.6915rc0 are affected
result = subprocess.run(['bbot', '--version'], capture_output=True, text=True)
version = result.stdout.strip()
if result.returncode != 0 or not version:
    print("bbot not found or version check failed")
else:
    # Keep the leading numeric release components, e.g. "2.6.1.6915rc0" -> (2, 6, 1)
    release = tuple(int(''.join(c for c in p if c.isdigit()) or 0) for p in version.split('.')[:3])
    if release <= (2, 6, 1):
        print("bbot version is vulnerable to CVE-2025-10284")

• linux / server:
# Check for suspicious file creation in /tmp or other writable directories
find /tmp -type f -mmin -60 -print

• generic web:
Inspect HTTP requests to unarchive.py for unusual parameters or file extensions.
Exploit status
EPSS
0.20% (percentile 41%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-10284 is to upgrade bbot to version 2.7.0 or later, which contains the necessary fix. If upgrading immediately is not feasible, consider temporarily disabling the unarchive.py script if it's not essential to your workflow. While a WAF or proxy cannot directly prevent this vulnerability, it can be configured to inspect requests to unarchive.py for suspicious patterns. Monitor system logs for unusual file creation activity, particularly in unexpected locations. After upgrading, confirm the fix by attempting to scan a known safe website and verifying that no unexpected files are created.
Update the bbot package to a version later than 2.6.1. This can be done with the Python package manager, pip, by running the command: `pip install --upgrade bbot`. This installs the latest available version, which contains the security fix.
CVE-2025-10284 is a CRITICAL Remote Code Execution vulnerability in bbot's unarchive.py script, allowing malicious websites to execute code on a user's system.
You are affected if you are using bbot version 2.6.1.6915rc0 or earlier. Upgrade to version 2.7.0 to resolve the vulnerability.
Upgrade bbot to version 2.7.0 or later. If immediate upgrade is not possible, temporarily disable the unarchive.py script.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest it may become a target.
Refer to the bbot project's official website or GitHub repository for the latest security advisories and updates.