Headline
GHSA-2mxr-rc97-xrj2: Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-14307
Robocode has an insecure temporary file creation vulnerability in the AutoExtract component
Critical severity GitHub Reviewed Published Dec 9, 2025 to the GitHub Advisory Database • Updated Dec 10, 2025
Package
maven net.sf.robocode:robocode.battle (Maven)
Affected versions
< 1.9.5.6
An insecure temporary file creation vulnerability exists in the AutoExtract component of Robocode version 1.9.3.6. The createTempFile method fails to securely create temporary files, allowing attackers to exploit race conditions and potentially execute arbitrary code or overwrite critical files. This vulnerability can be exploited by manipulating the temporary file creation process, leading to potential unauthorized actions.
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-14307
- robo-code/robocode#68
- robo-code/robocode@9f882bb
Published to the GitHub Advisory Database
Dec 9, 2025
Last updated
Dec 10, 2025