9.3

CVSS Score

4.0

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-14307

CVE-2025-14307: Insecure Temporary File Creation in Robocode's AutoExtract Component

An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-14307

CVE-2025-14307:

9.3

CVSS Score

4.0

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
net.sf.robocode:robocode.battle	maven	< 1.9.5.6	1.9.5.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies in the insecure creation of temporary files within the Robocode application. The provided patch for commit 9f882bba2a9cd91da57c16b98699f8cc9b354f3a clearly points to the createTempFile method in the net.sf.robocode.recording.RecordManager class as the source of the vulnerability. The original code directly called File.createTempFile, which, in a sandboxed Java environment, can be susceptible to race conditions if not handled with appropriate privileges. The fix involves wrapping the entire body of the createTempFile method within a java.security.AccessController.doPrivileged block. This ensures that the file operations are executed with elevated privileges, preventing malicious actors from interfering with the temporary file creation process. Therefore, the net.sf.robocode.recording.RecordManager.createTempFile function is the precise location of the vulnerability.

Vulnerable functions

net.sf.robocode.recording.RecordManager.createTempFile

robocode.battle/src/main/java/net/sf/robocode/recording/RecordManager.java

The `createTempFile` method in `net.sf.robocode.recording.RecordManager` was vulnerable to a race condition because it created temporary files without the necessary security privileges. An attacker could potentially manipulate the file creation process to overwrite files or execute code. The patch mitigates this by wrapping the file creation logic in an `AccessController.doPrivileged` block, ensuring that the operations are performed with the required permissions, thus preventing the race condition.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-14307: Insecure Temporary File Creation in Robocode's AutoExtract Component

CVE-2025-14307:

9.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

Basic Information

Basic Information

9.3

9.3

CVE-2025-14307: Insecure Temporary File Creation in Robocode's AutoExtract Component

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI