CVE-2025-14307 CRITICAL

CVE-2025-14307: Insecure Temporary File Creation in Robocode's AutoExtract Component

Vendor Robocode Project
Product Robocode
Weakness CWE-377
Published December 9, 2025
Last update December 9, 2025

CVSS base score

9.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/R:U/V:D/RE:M/U:Red

What the vulnerability does

01Description

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

Key dates

02Disclosure timeline

December 9, 2025 CVE published
December 9, 2025 Record updated