Cyber Posture

CVE-2025-10284

Critical

Published: 09 October 2025
Modified: 15 April 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: (no entry recorded)
CVSS Score: 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.0th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-10284 is a critical-severity Path Traversal (CWE-22) vulnerability in BBOT by Black Lantern Security (vendor inferred from references). Its CVSS v3.1 base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 48.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and one other technique (T1204.002, Malicious File). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: SI-2 (Flaw Remediation)

Directly mitigates CVE-2025-10284 by requiring timely remediation of the flaw in BBOT's unarchive module through patching or updates.

prevent: SI-10 (Information Input Validation)

Requires validation of archive file inputs to block path traversal sequences that enable arbitrary file writes.

prevent: AC-6 (Least Privilege)

Enforces least privilege for BBOT processes, limiting the impact of arbitrary file writes by restricting access to the sensitive locations an attacker would need to reach for RCE.

MITRE ATT&CK Enterprise Techniques [AI]

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The vulnerability is a path traversal in an archive unarchive module allowing arbitrary file writes and RCE upon user processing of a malicious archive, directly mapping to client-side exploitation (T1203) and user execution of a malicious file (T1204.002).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

BBOT's unarchive module could be abused by supplying malicious archive files, which, when extracted, can perform an arbitrary file write, resulting in remote code execution.

Deeper analysis [AI]

CVE-2025-10284 is a critical vulnerability in BBOT's unarchive module, which can be abused by supplying malicious archive files. When extracted, these files enable arbitrary file writes, potentially resulting in remote code execution. The issue is classified under CWE-22 (Path Traversal) and carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its network accessibility and comprehensive impact.

Attackers can exploit this vulnerability remotely without authentication, but user interaction is required: a user must process a malicious archive file with BBOT. No privileges are needed on the target system, and the low attack complexity makes it accessible to remote adversaries. Successful exploitation allows arbitrary file writes leading to remote code execution, with high impact on confidentiality, integrity, and availability, and a changed scope.
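The SI-10 control above and this analysis both come down to one check: before an archive member is written to disk, its name (and, for tar, its link target) must resolve to a location inside the extraction directory. The following is an added example of that check, written for this page and not taken from BBOT or from the advisory; it uses only the Python standard library, and the archive contents, entry names and the destination path `/srv/extract` are constructed sample values. It flags the two classic escape shapes (`..` components and absolute names) and, for tar, symlink and hard-link entries whose target leaves the tree.

```python
"""
Pre-extraction check for archive path traversal (CWE-22).
Added example; not BBOT's code. Standard library only.
"""
import io
import os
import tarfile
import zipfile


def is_within(dest: str, relpath: str) -> bool:
    """True if dest/relpath, after normalisation, still lies under dest."""
    dest_abs = os.path.abspath(dest)
    # os.path.join discards dest entirely when relpath is absolute, so an
    # absolute member name surfaces here as an out-of-tree target.
    target = os.path.normpath(os.path.join(dest_abs, relpath))
    try:
        return os.path.commonpath([dest_abs, target]) == dest_abs
    except ValueError:  # paths on different drives (Windows)
        return False


def unsafe_zip_members(data: bytes, dest: str) -> list:
    """Return names of zip entries that would be written outside dest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not is_within(dest, info.filename):
                bad.append(info.filename)
    return bad


def unsafe_tar_members(data: bytes, dest: str) -> list:
    """Return names of tar entries that would write or link outside dest."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
        for m in tf.getmembers():
            if not is_within(dest, m.name):
                bad.append(m.name)
            elif m.issym():
                # A symlink target is interpreted relative to the link's own
                # directory, so resolve it from there before checking.
                link_target = os.path.join(os.path.dirname(m.name), m.linkname)
                if not is_within(dest, link_target):
                    bad.append(m.name)
            elif m.islnk():
                # A hard link names another member relative to the archive root.
                if not is_within(dest, m.linkname):
                    bad.append(m.name)
    return bad


def build_sample_zip() -> bytes:
    """Constructed sample: one benign entry, one '..' escape, one absolute name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/notes.txt", "benign content")
        zf.writestr("../../outside.txt", "escapes via dot-dot")
        zf.writestr("/tmp/absolute.txt", "escapes via absolute path")
    return buf.getvalue()


def build_sample_tar() -> bytes:
    """Constructed sample: benign file, '..' escape, and an escaping symlink."""
    buf = io.BytesIO()
    payload = b"benign content"
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("report/notes.txt", "../outside.txt"):
            ti = tarfile.TarInfo(name)
            ti.size = len(payload)
            tf.addfile(ti, io.BytesIO(payload))
        link = tarfile.TarInfo("report/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../outside"  # resolves above dest
        tf.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    dest = "/srv/extract"  # constructed destination; nothing is written to disk
    print("unsafe zip entries:", unsafe_zip_members(build_sample_zip(), dest))
    print("unsafe tar entries:", unsafe_tar_members(build_sample_tar(), dest))
```

The policy is refuse-the-whole-archive rather than skip-the-bad-entry: once any member fails the check, the input is hostile and nothing from it should be extracted. Note that this check runs on the archive's declared names only; it does not replace extracting as a low-privilege user (AC-6 above), which limits the damage if a bypass is ever found.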

Mitigation details are available in the security advisory published by Black Lantern Security at https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper.

Details

CWE(s)

CWE-22 (Path Traversal)
Affected Products

Blacklanternsecurity
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-40157 (shared CWE-22)
CVE-2025-0332 (shared CWE-22)
CVE-2026-40027 (shared CWE-22)
CVE-2026-5656 (shared CWE-22)
CVE-2026-40491 (shared CWE-22)
CVE-2026-30853 (shared CWE-22)
CVE-2026-28373 (shared CWE-22)
CVE-2025-2449 (shared CWE-22)
CVE-2026-22871 (shared CWE-22)
CVE-2026-28518 (shared CWE-22)

References