
CVE-2025-10284: BBOT's various issues in unarchive.py can cause arbitrary file write and RCE

CVSS Score (v3.1): 9.7

Basic Information

EPSS Score: -
Published: 10/9/2025
Updated: 10/9/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Package Name  Ecosystem  Vulnerable Versions  First Patched Version
bbot          pip        < 2.7.0              2.7.0

Vulnerability Intelligence (Miggo AI)

Root Cause Analysis

The analysis of the vulnerability is based on the provided commit 6325f2f4f8f6f4545703e4c9b8004e69f71bec82 and the related security advisory blog post. The commit diff clearly shows that the handle_event function in bbot/modules/internal/unarchive.py was modified to address a security issue. The blog post for CVE-2025-10284 confirms that the vulnerability was due to improper archive extraction that could lead to arbitrary file writes and RCE. The vulnerability was caused by a directory name collision, which allowed an attacker to write files to an unintended location. The patch addresses this by explicitly checking if the destination directory already exists and aborting the extraction if it does. Therefore, the handle_event function is identified as the vulnerable function as it was responsible for the unsafe extraction process.

Vulnerable functions

unarchive.handle_event
bbot/modules/internal/unarchive.py
The `handle_event` function in the `unarchive` module is responsible for extracting archive files. The vulnerability existed because the function did not properly sanitize the output directory path and did not check whether the destination directory already existed. A maliciously crafted archive could therefore cause a directory name collision, leading to files being written to arbitrary locations on the filesystem, which could result in Remote Code Execution (RCE). The patch mitigates this by attempting to create the destination directory and failing if it already exists, thus preventing extraction into a potentially unsafe location.
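The defensive counterpart of the two problems described above, as an added illustration that is not BBOT's own code: a tar extraction helper that first rejects any member whose resolved path leaves the destination, then creates the destination with `exist_ok=False` so a directory name collision aborts instead of merging files into an existing directory. `safe_extract`, `build_tar` and `run_checks` are assumed names; the archives are constructed in memory.

```python
import io, tarfile, tempfile
from pathlib import Path


def safe_extract(archive_bytes: bytes, dest: Path) -> list:
    """Extract tar bytes into `dest` (must not exist yet): members are path-checked
    first, then `dest` is created with exist_ok=False so a name collision aborts."""
    dest = dest.resolve()
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        members = tf.getmembers()
        for m in members:
            # Resolve the would-be target and require it to stay under dest.
            target = (dest / m.name).resolve()
            inside = target == dest or dest in target.parents
            if not inside or not (m.isreg() or m.isdir()):
                raise ValueError(f"refusing unsafe member: {m.name}")
        dest.mkdir(parents=True, exist_ok=False)  # FileExistsError on collision
        for m in members:
            tf.extract(m, path=dest)
    return [m.name for m in members]


def build_tar(entries: dict) -> bytes:
    """Constructed sample archive: {member name: content} -> tar bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def _attempt(archive: bytes, dest: Path) -> str:
    # Return 'ok', or the name of the exception a guard raised.
    try:
        safe_extract(archive, dest)
        return "ok"
    except (ValueError, FileExistsError) as e:
        return type(e).__name__


def run_checks() -> dict:
    """Exercise both guards in a scratch directory and report what fired."""
    good = build_tar({"report.txt": b"ok"})
    bad = build_tar({"../evil.txt": b"pwned"})  # constructed traversal member
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return {
            "clean": _attempt(good, root / "out"),
            "collision": _attempt(good, root / "out"),  # same name again
            "traversal": _attempt(bad, root / "out2"),  # '../' member
            "evil_written": (root / "evil.txt").exists(),
        }
```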

WAF Protection Rules

WAF Rule

### Summary
Various issues in BBOT's `unarchive.py` allow a malicious site to cause BBOT to write arbitrary files to arbitrary locations. This can be used to achieve Remote Code Execution (RCE).
### Impact
A user who uses BBOT to scan a malicious
