Description
Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files
Published: 2026-03-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Directory Traversal
Action: Apply Patch
AI Analysis

Impact

The vulnerability exists in Doom Launcher version 3.8.1.0 as a result of missing file path validation during the extraction of game files. An attacker can craft a malicious archive that contains file paths which traverse directories, allowing the extraction routine to write files outside the intended extraction directory. This represents a path traversal weakness, identified as CWE-22, with potential impact of reading or overwriting arbitrary files on the host system.

Affected Systems

The only affected product listed in the advisory is Doom Launcher version 3.8.1.0. No vendor or additional version information is provided.

Risk and Exploitability

The CVSS base score of 7.5 indicates a high severity vulnerability. The EPSS score of less than 1% suggests that exploitation is unlikely in the wild. This issue is not currently listed in the CISA KEV catalog. The exact attack vector is not detailed in the provided information. It can be inferred that exploitation requires a crafted archive to be processed by the extraction routine; this may occur locally when a user runs the launcher or remotely if untrusted archives are downloaded from a network source. The inference about the delivery method is explicitly noted because the input does not specify it.

Generated by OpenCVE AI on March 17, 2026 at 17:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Doom Launcher to the latest available release that addresses the path traversal flaw.
  • If a patch is not yet available, perform game file extraction in a sandboxed environment with restricted file system access.
  • Manually validate extracted file paths before they are written to disk to ensure they remain within the intended directory.
  • Continue to monitor vendor advisories for a formal fix and apply it promptly when released.

Generated by OpenCVE AI on March 17, 2026 at 17:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Title Directory Traversal Vulnerability in Doom Launcher 3.8.1.0 During Game File Extraction

Tue, 17 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-22
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Nstlaurent
Nstlaurent doom Launcher
Vendors & Products Nstlaurent
Nstlaurent doom Launcher

Mon, 16 Mar 2026 17:30:00 +0000

Type Values Removed Values Added
Description Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files
References

Subscriptions

Nstlaurent Doom Launcher
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-17T13:55:53.024Z

Reserved: 2025-12-08T00:00:00.000Z

Link: CVE-2025-66687

cve-icon Vulnrichment

Updated: 2026-03-17T13:55:47.353Z

cve-icon NVD

Status : Deferred

Published: 2026-03-16T18:16:04.657

Modified: 2026-04-27T19:18:46.690

Link: CVE-2025-66687

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T14:00:55Z

Weaknesses