Remote Code Execution Vulnerability in BBOT Unarchive Module
CVE-2025-10284

9.6 CRITICAL

Key Information:

Status
Vendor
CVE Published: 9 October 2025

What is CVE-2025-10284?

The unarchive module in BBOT can be exploited by supplying a specially crafted malicious archive file. When such an archive is extracted, it can cause arbitrary file writes on the system, potentially allowing an attacker to execute arbitrary code remotely. This vulnerability underscores the importance of validating and sanitizing input from archives to mitigate security risks.

Affected Version(s)

bbot Linux 0.0.0 <= 2.6.1

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
