CVE-2025-53633
CRITICALDescription
Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 14042aa and shipped in v0.1.4.
Is your site exposed to CVE-2025-53633?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ctfer-io | chall-manager |
References
Frequently Asked Questions
What is CVE-2025-53633? +
How severe is CVE-2025-53633? +
What products are affected by CVE-2025-53633? +
How do I check if I'm vulnerable to CVE-2025-53633? +
Related Vulnerabilities
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.32, there is …
Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image …
SAP NetWeaver remote service for Xcelsius allows an attacker with network access and high privileges to execute arbitrary code on …
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial …
Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue …
Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit …