CVE-2023-25303

7.1 HIGH

📋 TL;DR

CVE-2023-25303 is a directory traversal vulnerability in ATLauncher that allows attackers to create arbitrary files outside the installation directory by crafting malicious mrpack files. This affects all users of ATLauncher versions up to 3.4.26.0 who process untrusted mrpack files.

💻 Affected Systems

Products:
  • ATLauncher
Versions: <= 3.4.26.0
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations processing mrpack files are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through arbitrary file creation, potentially leading to remote code execution, data theft, or system destruction.

🟠 Likely Case

Local file system corruption, installation of malware, or privilege escalation through crafted files.

🟢 If Mitigated

Limited impact if only trusted mrpack sources are used and proper file system permissions restrict write access.

🌐 Internet-Facing: MEDIUM - Requires user interaction to download and process malicious mrpack files from untrusted sources.
🏢 Internal Only: LOW - Typically requires user interaction with malicious files, though internal distribution could increase risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the user to download and process a malicious mrpack file; no authentication is needed for the file processing itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.27.0

Vendor Advisory: https://github.com/ATLauncher/ATLauncher/security/advisories/GHSA-7cff-8xv4-mvx6

Restart Required: Yes

Instructions:

1. Download ATLauncher 3.4.27.0 or later from official sources.
2. Install the update.
3. Restart ATLauncher.

🔧 Temporary Workarounds

Restrict mrpack sources (applies to: all platforms)

Only download and process mrpack files from trusted, verified sources.

Run with limited permissions (applies to: all platforms)

Run ATLauncher with a user account that has restricted file system write permissions.

🧯 If You Can't Patch

  • Discontinue use of ATLauncher for processing mrpack files until patched.
  • Implement strict file integrity monitoring for ATLauncher installation directory.

🔍 How to Verify

Check if Vulnerable:

Check the ATLauncher version in the application settings or About dialog; if the version is 3.4.26.0 or earlier, it is vulnerable.

Check Version:

Check Help > About in ATLauncher GUI or examine application metadata files.

Verify Fix Applied:

Verify ATLauncher version is 3.4.27.0 or later after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation events outside ATLauncher directories
  • Errors related to path traversal in application logs

Network Indicators:

  • Downloads of mrpack files from untrusted sources

SIEM Query:

File creation events where path contains '..' or absolute paths in ATLauncher process context.
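As an added example (not part of this advisory or of ATLauncher's own code), a Python pre-check that applies the rule described above to an mrpack before it is processed: every zip member name and every `files[].path` in `modrinth.index.json` is resolved against the install directory and reported if it lands outside it. The install path and the sample archive are constructed for the demonstration; the mrpack layout assumed here (a zip carrying `modrinth.index.json` with a `files` array plus an `overrides` folder) follows the Modrinth modpack format.

```python
import io
import json
import zipfile
from pathlib import Path


def resolves_inside(install_dir: str, relative: str) -> bool:
    """True only if install_dir/relative still points inside install_dir
    once '..' components are normalised; an absolute 'relative' replaces
    the base entirely and therefore fails the check."""
    base = Path(install_dir).resolve()
    candidate = (base / relative).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return False
    return True


def find_unsafe_paths(mrpack_bytes: bytes, install_dir: str) -> list[str]:
    """Return every path in an mrpack (zip member names plus the files[].path
    entries of modrinth.index.json) that would escape install_dir."""
    unsafe = []
    with zipfile.ZipFile(io.BytesIO(mrpack_bytes)) as zf:
        names = zf.namelist()
        for name in names:
            if not resolves_inside(install_dir, name):
                unsafe.append(f"entry:{name}")
        if "modrinth.index.json" in names:
            index = json.loads(zf.read("modrinth.index.json"))
            for entry in index.get("files", []):
                path = entry.get("path", "")
                if not resolves_inside(install_dir, path):
                    unsafe.append(f"index:{path}")
    return unsafe


def build_sample_mrpack() -> bytes:
    """Constructed sample archive: two well-formed paths and three that escape."""
    index = {"formatVersion": 1, "files": [
        {"path": "mods/example.jar"},        # stays inside the install dir
        {"path": "../../escaped.txt"},       # parent traversal in the index
        {"path": "/tmp/absolute.txt"},       # absolute path in the index
    ]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("modrinth.index.json", json.dumps(index))
        zf.writestr("overrides/config/example.toml", "")  # legitimate override
        zf.writestr("../outside.txt", "")                 # traversal in a member name
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed install path; prints the three escaping paths.
    print(find_unsafe_paths(build_sample_mrpack(), "/opt/atlauncher"))
```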
