CVE-2023-25305
HIGHPolyMC < 5.0 - Path Traversal via Malicious Mrpack File
Title source: llmDescription
PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.
References (2)
Core 2
Core References
Patch, Vendor Advisory
https://github.com/PolyMC/PolyMC/security/advisories/GHSA-3rfr-g9g9-7gx2
Exploit, Third Party Advisory
https://quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/
Scores
CVSS v3
7.1
EPSS
0.0056
EPSS Percentile
42.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
polymc/polymc
< 5.0
Published
Apr 04, 2023
Tracked Since
Feb 18, 2026