Path Traversal in Ctfer-io Chall-manager
CVE-2025-53632
Chall-Manager is a platform-agnostic system that starts challenges on demand for a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does no…
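An added example, not code from the chall-manager project: the containment check the description calls missing, written in Go and applied to every entry of a constructed archive before anything is written to disk. The names ErrZipSlip, safeJoin, resolveEntries and buildArchive are chosen here and are not the project's.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)
var ErrZipSlip = errors.New("zip slip: entry escapes destination directory")

// safeJoin joins the entry name under dest and refuses any result that does not
// stay inside dest. Symlinks already present under dest are not resolved here.
func safeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name) // Join collapses "..", possibly above dest
	if target != dest && !strings.HasPrefix(target, dest+string(os.PathSeparator)) {
		return "", fmt.Errorf("%w: %q", ErrZipSlip, name)
	}
	return target, nil
}

// resolveEntries maps every entry to its write path under dest, failing on the first
// escaping name; call it before opening any file so one hostile entry rejects the archive.
func resolveEntries(data []byte, dest string) ([]string, error) {
	r, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) { // stdlib's opt-in guard
		return nil, err
	}
	targets := make([]string, len(r.File))
	for i, f := range r.File {
		if targets[i], err = safeJoin(dest, f.Name); err != nil {
			return nil, err
		}
	}
	return targets, nil
}

// buildArchive makes an in-memory zip from constructed name/content pairs (names kept verbatim).
func buildArchive(entries [][2]string) []byte {
	var buf bytes.Buffer
	w := zip.NewWriter(&buf)
	for _, e := range entries {
		f, _ := w.Create(e[0])
		f.Write([]byte(e[1]))
	}
	w.Close()
	return buf.Bytes()
}
```

The prefix test appends the path separator so that a sibling directory such as `dest2` is not mistaken for a path inside `dest`.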
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.002 (41.3rd percentile)
Affected products
- Ctfer-io Chall-manager — versions < 0.1.4
Weakness classification (CWE)
Public proof-of-concept exploits
References
- GitHub security advisory GHSA-3gv2-v3jx-r9fh: https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-3gv2-v3jx-r9fh
- Commit: https://github.com/ctfer-io/chall-manager/commit/47d188fda5e3f86285e820f12ad9fb6f9930662c
- Release v0.1.4: https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4
Frequently asked questions
- What is CVE-2025-53632?
- CVE-2025-53632 is a vulnerability in Ctfer-io Chall-manager, classified under Path Traversal. Published 2025-07-10.
- Is CVE-2025-53632 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.