CVE-2023-25303

HIGH

ATLauncher <= 3.4.26.0 - Path Traversal via Malicious mrpack File

Title source: llm

Description

ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.

References (2)

Core 2

Core References

Vendor Advisory

https://github.com/ATLauncher/ATLauncher/security/advisories/GHSA-7cff-8xv4-mvx6

Exploit, Third Party Advisory

https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/

Scores

CVSS v3 7.1

EPSS 0.0055

EPSS Percentile 41.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

atlauncher/atlauncher < 3.4.27.0

Published Apr 04, 2023

Tracked Since Feb 18, 2026