Chall-manager Security Vulnerabilities and Issues — Chall-manager CVE List

Lucene search

Ctfer-ioChall-manager

3 matches found

CVE•added 2025/07/10 8:15 p.m.•9 views

CVE-2025-53634

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyo...

8.7CVSS6.6AI score0.00113EPSS

CVE•added 2025/07/10 8:15 p.m.•7 views

CVE-2025-53632

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can ex...

8.8CVSS6.7AI score0.00153EPSS

CVE•added 2025/07/10 8:15 p.m.•7 views

CVE-2025-53633

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, ...

8.7CVSS6.6AI score0.00089EPSS