High severity7.1NVD Advisory· Published Apr 4, 2023· Updated Jun 17, 2026
CVE-2023-25305
CVE-2023-25305
Description
PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- PolyMC/Launcherdescription
- Range: <=1.4.3
Patches
Vulnerability mechanics
References
2- github.com/PolyMC/PolyMC/security/advisories/GHSA-3rfr-g9g9-7gx2nvdPatchVendor Advisory
- quiltmc.org/en/blog/2023-02-04-five-installer-vulnerabilities/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.