CVE-2025-10283 - Vulnerability Details - OpenCVE

BBOT's gitdumper module could be abused to execute commands through a malicious git repository.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0007.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Blsops	Bbot

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Blsops	Bbot

Advisories

Source	ID	Title
Github GHSA	GHSA-h6m2-r6h9-4c44	BBOT's insufficient sanitization issues in gitdumper.py can lead to RCE

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper

History

Fri, 10 Oct 2025 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Blsops Blsops bbot
Vendors & Products		Blsops Blsops bbot

Thu, 09 Oct 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 09 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
Title		Improper .git Sanitization in gitdumper Enables RCE
Weaknesses		CWE-22
References		https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: BLSOPS

Published: 2025-10-09T15:46:12.847Z

Updated: 2025-10-09T17:39:02.243Z

Reserved: 2025-09-11T16:19:04.815Z

Link: CVE-2025-10283

Vulnrichment

Updated: 2025-10-09T17:38:58.569Z

NVD

Status : Awaiting Analysis

Published: 2025-10-09T16:15:43.947

Modified: 2025-10-14T19:37:28.107

Link: CVE-2025-10283

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-10-10T11:17:48Z

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10283", "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "state": "PUBLISHED", "assignerShortName": "BLSOPS", "dateReserved": "2025-09-11T16:19:04.815Z", "datePublished": "2025-10-09T15:46:12.847Z", "dateUpdated": "2025-10-09T17:39:02.243Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://pypi.org/project/bbot/", "defaultStatus": "unaffected", "packageName": "bbot", "platforms": ["Linux"], "product": "bbot", "repo": "https://github.com/blacklanternsecurity/bbot", "vendor": "BLSOPS, LLC", "versions": [{"lessThanOrEqual": "2.6.1", "status": "affected", "version": "0.0.0", "versionType": "2.7.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "BBOT's gitdumper module could be abused to execute commands through a malicious git repository.<br>"}], "value": "BBOT's gitdumper module could be abused to execute commands through a malicious git repository."}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "shortName": "BLSOPS", "dateUpdated": "2025-10-09T15:55:12.470Z"}, "references": [{"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper .git Sanitization in gitdumper Enables RCE", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-09T17:38:56.042030Z", "id": "CVE-2025-10283", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T17:39:02.243Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10283", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-09T17:38:56.042030Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-09T17:38:58.569Z"}}], "cna": {"title": "Improper .git Sanitization in gitdumper Enables RCE", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/blacklanternsecurity/bbot", "vendor": "BLSOPS, LLC", "product": "bbot", "versions": [{"status": "affected", "version": "0.0.0", "versionType": "2.7.1", "lessThanOrEqual": "2.6.1"}], "platforms": ["Linux"], "packageName": "bbot", "collectionURL": "https://pypi.org/project/bbot/", "defaultStatus": "unaffected"}], "references": [{"url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "BBOT's gitdumper module could be abused to execute commands through a malicious git repository.", "supportingMedia": [{"type": "text/html", "value": "BBOT's gitdumper module could be abused to execute commands through a malicious git repository.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "shortName": "BLSOPS", "dateUpdated": "2025-10-09T15:55:12.470Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10283", "state": "PUBLISHED", "dateUpdated": "2025-10-09T17:39:02.243Z", "dateReserved": "2025-09-11T16:19:04.815Z", "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d", "datePublished": "2025-10-09T15:46:12.847Z", "assignerShortName": "BLSOPS"}, "dataVersion": "5.1"}