CVE-2025-53632: Chall-Manager is vulnerable to Path Traversal when extracting/decoding a zip archive
(updated )
When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system.
References
- github.com/advisories/GHSA-3gv2-v3jx-r9fh
- github.com/ctfer-io/chall-manager
- github.com/ctfer-io/chall-manager/commit/47d188fda5e3f86285e820f12ad9fb6f9930662c
- github.com/ctfer-io/chall-manager/releases/tag/v0.1.4
- github.com/ctfer-io/chall-manager/security/advisories/GHSA-3gv2-v3jx-r9fh
- nvd.nist.gov/vuln/detail/CVE-2025-53632
Code Behaviors & Features
Detect and mitigate CVE-2025-53632 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →