CVE-2025-14306 CRITICAL

CVE-2025-14306: Directory Traversal in Robocode's CacheCleaner Component

Vendor Robocode Project
Product Robocode
Weakness CWE-22 · Path traversal
Published December 9, 2025
Last update January 28, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red

What the vulnerability does

01Description

A directory traversal vulnerability exists in the CacheCleaner component of Robocode version 1.9.3.6. The recursivelyDelete method fails to properly sanitize file paths, allowing attackers to traverse directories and delete arbitrary files on the system. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the file path, leading to potential unauthorized file deletions. https://robo-code.blogspot.com/

Key dates

02Disclosure timeline

December 9, 2025 CVE published
January 28, 2026 Record updated