CVE-2025-14307 – This vulnerability allows attackers to exploit ... (How to Fix)

Q: What is the severity of CVE-2025-14307?

CVE-2025-14307 has a CVSS score of 8.1 (HIGH). This vulnerability allows attackers to exploit insecure temporary file creation in Robocode's AutoExtract component, potentially leading to arbitrary code execution or file overwrites through race conditions. It affects all users running Robocode version 1.9.3.6 with the vulnerable component enabled.

📋 TL;DR

This vulnerability allows attackers to exploit insecure temporary file creation in Robocode's AutoExtract component, potentially leading to arbitrary code execution or file overwrites through race conditions. It affects all users running Robocode version 1.9.3.6 with the vulnerable component enabled.

💻 Affected Systems

Products:

Robocode

Versions: 1.9.3.6

Operating Systems: All platforms running Java

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where the AutoExtract component is used, which is part of standard Robocode functionality.

📦 What is this software?

Robocode by Robocode

View all CVEs affecting Robocode →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise through arbitrary code execution with the privileges of the Robocode process, potentially leading to complete system takeover.

🟠

Likely Case

Local file corruption or overwriting of sensitive files, potentially causing data loss or denial of service.

🟢

If Mitigated

Limited impact if running with minimal privileges and proper file system permissions, though temporary file manipulation remains possible.

🌐 Internet-Facing: LOW - This appears to be a local vulnerability requiring access to the system running Robocode.

🏢 Internal Only: MEDIUM - Internal users with access to Robocode could exploit this to escalate privileges or damage systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of race condition timing, making it moderately complex to execute reliably.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub PR #68 for specific fix version

Vendor Advisory: https://github.com/robo-code/robocode/pull/68

Restart Required: Yes

Instructions:

1. Review GitHub PR #68 for the security fix. 2. Update to the patched version of Robocode. 3. Restart any running Robocode instances.

🔧 Temporary Workarounds

Run with minimal privileges

all

Execute Robocode with the lowest possible user privileges to limit potential damage from exploitation.

Disable AutoExtract component

all

If AutoExtract functionality is not required, disable it to remove the vulnerable component.

🧯 If You Can't Patch

Implement strict file system permissions to limit write access to temporary directories.
Monitor temporary directory for suspicious file creation patterns and set up alerts.

🔍 How to Verify

Check if Vulnerable:

Check if running Robocode version 1.9.3.6 and verify if AutoExtract component is enabled in configuration.

Check Version:

Check Robocode about dialog or configuration files for version information.

Verify Fix Applied:

Update to patched version from GitHub PR #68 and verify temporary file creation uses secure methods.

📡 Detection & Monitoring

Log Indicators:

Unusual temporary file creation patterns in system logs
Multiple rapid file creation/deletion events in Robocode directories

Network Indicators:

None - this is a local file system vulnerability

SIEM Query:

Search for process creation events where Robocode creates unexpected temporary files or modifies system files.

📊 Metadata

CVE ID: CVE-2025-14307

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-377

EPSS Score: 0.06% exploit probability (19.2th percentile)

Published: December 9, 2025

Last Updated: January 5, 2026

🔗 References

https://github.com/robo-code/robocode/pull/68 Issue Tracking,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-14307, you might also want to check these: