CVE-2025-10284
Improper Archive Extraction in unarchive Enables RCE
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.6EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
BLSOPS, LLC · bbot