4 matches found
CVE-2025-53632
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
CVE-2025-53632
CVE-2025-53632 affects Chall-Manager and describes a path traversal (zip slip) vulnerability during the decoding/extraction of a scenario archive. The root cause is that the target path for extracted files is not checked, enabling arbitrary file writes and potential impact on integrity and availa...
CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...
CVE-2025-53632 Chall-Manager's scenario decoding process does not check for zip slips
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario i.e. a zip archive, the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can...