
    4 vulnerabilities by BLSOPS, LLC

    CVE-2025-10284 (GCVE-0-2025-10284)

    Vulnerability from cvelistv5 – Published: 2025-10-09 15:46 – Updated: 2025-10-09 17:38
    VLAI
    Title
    Improper Archive Extraction in unarchive Enables RCE
    Summary
    BBOT's unarchive module could be abused by supplying malicious archive files that, when extracted, perform an arbitrary file write, resulting in remote code execution.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
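    BLSOPS, LLC bbot Affected: 0.0.0 through 2.6.1 inclusive (the record's versionType field is "2.7.1", which is not a version-scheme name and may be the fixed release; confirm against the vendor advisory)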

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10284",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T17:38:26.423603Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T17:38:35.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org/project/bbot/",
              "defaultStatus": "unaffected",
              "packageName": "bbot",
              "platforms": [
                "Linux"
              ],
              "product": "bbot",
              "repo": "https://github.com/blacklanternsecurity/bbot",
              "vendor": "BLSOPS, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.1",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "2.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BBOT\u0027s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.\u003cbr\u003e"
                }
              ],
              "value": "BBOT\u0027s unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T15:55:20.518Z",
            "orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
            "shortName": "BLSOPS"
          },
          "references": [
            {
              "url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper Archive Extraction in unarchive Enables RCE",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
        "assignerShortName": "BLSOPS",
        "cveId": "CVE-2025-10284",
        "datePublished": "2025-10-09T15:46:14.738Z",
        "dateReserved": "2025-09-11T16:19:05.900Z",
        "dateUpdated": "2025-10-09T17:38:35.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10283 (GCVE-0-2025-10283)

    Vulnerability from cvelistv5 – Published: 2025-10-09 15:46 – Updated: 2025-10-09 17:39
    VLAI
    Title
    Improper .git Sanitization in gitdumper Enables RCE
    Summary
    BBOT's gitdumper module could be abused to execute commands through a malicious git repository.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
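    BLSOPS, LLC bbot Affected: 0.0.0 through 2.6.1 inclusive (the record's versionType field is "2.7.1", which is not a version-scheme name and may be the fixed release; confirm against the vendor advisory)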

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10283",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T17:38:56.042030Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T17:39:02.243Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org/project/bbot/",
              "defaultStatus": "unaffected",
              "packageName": "bbot",
              "platforms": [
                "Linux"
              ],
              "product": "bbot",
              "repo": "https://github.com/blacklanternsecurity/bbot",
              "vendor": "BLSOPS, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.1",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "2.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BBOT\u0027s gitdumper module could be abused to execute commands through a malicious git repository.\u003cbr\u003e"
                }
              ],
              "value": "BBOT\u0027s gitdumper module could be abused to execute commands through a malicious git repository."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-242",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-242 Code Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T15:55:12.470Z",
            "orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
            "shortName": "BLSOPS"
          },
          "references": [
            {
              "url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper .git Sanitization in gitdumper Enables RCE",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
        "assignerShortName": "BLSOPS",
        "cveId": "CVE-2025-10283",
        "datePublished": "2025-10-09T15:46:12.847Z",
        "dateReserved": "2025-09-11T16:19:04.815Z",
        "dateUpdated": "2025-10-09T17:39:02.243Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10282 (GCVE-0-2025-10282)

    Vulnerability from cvelistv5 – Published: 2025-10-09 15:46 – Updated: 2025-10-09 19:03
    VLAI
    Title
    GitLab Domain Confusion in gitlab Leaks API Key
    Summary
    BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server via a maliciously formatted git URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
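    BLSOPS, LLC bbot Affected: 0.0.0 through 2.6.1 inclusive (the record's versionType field is "2.7.1", which is not a version-scheme name and may be the fixed release; confirm against the vendor advisory)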

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10282",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:02:56.555078Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:03:04.124Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org/project/bbot/",
              "defaultStatus": "unaffected",
              "packageName": "bbot",
              "platforms": [
                "Linux"
              ],
              "product": "bbot",
              "repo": "https://github.com/blacklanternsecurity/bbot",
              "vendor": "BLSOPS, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.1",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "2.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BBOT\u0027s gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL."
                }
              ],
              "value": "BBOT\u0027s gitlab module could be abused to disclose a GitLab API key to an attacker controlled server with a malicious formatted git URL."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Man in the Middle Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T15:55:05.919Z",
            "orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
            "shortName": "BLSOPS"
          },
          "references": [
            {
              "url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "GitLab Domain Confusion in gitlab Leaks API Key",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
        "assignerShortName": "BLSOPS",
        "cveId": "CVE-2025-10282",
        "datePublished": "2025-10-09T15:46:10.669Z",
        "dateReserved": "2025-09-11T16:19:03.671Z",
        "dateUpdated": "2025-10-09T19:03:04.124Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10281 (GCVE-0-2025-10281)

    Vulnerability from cvelistv5 – Published: 2025-10-09 15:45 – Updated: 2025-10-09 19:04
    VLAI
    Title
    Insecure URL Handling in git_clone Leading to Leaked API Key
    Summary
    BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
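    BLSOPS, LLC bbot Affected: 0.0.0 through 2.6.1 inclusive (the record's versionType field is "2.7.1", which is not a version-scheme name and may be the fixed release; confirm against the vendor advisory)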

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10281",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-09T19:04:25.334821Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-09T19:04:36.247Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pypi.org/project/bbot/",
              "defaultStatus": "unaffected",
              "packageName": "bbot",
              "platforms": [
                "Linux"
              ],
              "product": "bbot",
              "repo": "https://github.com/blacklanternsecurity/bbot",
              "vendor": "BLSOPS, LLC",
              "versions": [
                {
                  "lessThanOrEqual": "2.6.1",
                  "status": "affected",
                  "version": "0.0.0",
                  "versionType": "2.7.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "BBOT\u0027s git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL."
                }
              ],
              "value": "BBOT\u0027s git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-94",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-94 Man in the Middle Attack"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-09T15:54:55.350Z",
            "orgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
            "shortName": "BLSOPS"
          },
          "references": [
            {
              "url": "https://blog.blacklanternsecurity.com/p/bbot-security-advisory-gitdumper"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure URL Handling in git_clone Leading to Leaked API Key",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "27b6da8a-f51d-48d9-9eef-9b7f3405d20d",
        "assignerShortName": "BLSOPS",
        "cveId": "CVE-2025-10281",
        "datePublished": "2025-10-09T15:45:56.325Z",
        "dateReserved": "2025-09-11T16:19:02.209Z",
        "dateUpdated": "2025-10-09T19:04:36.247Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }