Vulnerability in Ctfer-io Chall-manager
CVE-2025-53633
Chall-Manager is a platform-agnostic system that starts Challenges on Demand for a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bomb decompression. Expl…
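The missing check described above, sketched as a bounded decoder in Go. This is an added example, not code from the Chall-Manager project or its fix; `decodeBounded`, `ErrTooLarge`, `buildZip`, the 64 KiB budget and the sample archive are assumptions made for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var ErrTooLarge = errors.New("zip: decoded content exceeds limit")
// decodeBounded (hypothetical) fails once total decoded bytes exceed maxTotal.
func decodeBounded(raw []byte, maxTotal int64) (map[string][]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(raw), int64(len(raw)))
	if err != nil {
		return nil, err
	}
	out, remaining := map[string][]byte{}, maxTotal
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		// Cap the real read at remaining+1 bytes; declared sizes are untrusted.
		data, err := io.ReadAll(io.LimitReader(rc, remaining+1))
		rc.Close()
		if err != nil {
			return nil, err
		}
		if int64(len(data)) > remaining {
			return nil, ErrTooLarge
		}
		remaining -= int64(len(data))
		out[f.Name] = data
	}
	return out, nil
}

func buildZip(n int) []byte { // constructed sample: one entry of n zero bytes
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("scenario.txt")
	w.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(decodeBounded(buildZip(1<<20), 64<<10))
}
```

The budget is shared across all entries, so an archive of many small files is stopped at the same total as one large file.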
EPSS: 0.004 (63.6th percentile)
Affected products
- Ctfer-io Chall-manager — versions < 0.1.4
Weakness classification (CWE)
References
- https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-r7fm-3pqm-ww5w (x_refsource_CONFIRM)
- https://github.com/ctfer-io/chall-manager/commit/14042aa66a577caee777e10fe09adcf2587d20dd (x_refsource_MISC)
- https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4 (x_refsource_MISC)