← back
CVE-2025-10284

Improper Archive Extraction in unarchive Enables RCE

CVSS 9.6 CRITICALEPSS 0.7%CWE-22
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.6EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
09 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
BLSOPS, LLC · bbot