CVE-2025-66687 Overview
Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files. This vulnerability (CWE-22) allows attackers to access files and directories outside the intended extraction path by manipulating file paths with traversal sequences such as ../.
Critical Impact
Attackers can exploit this directory traversal flaw to read sensitive files outside the intended game file directory, potentially exposing configuration files, credentials, or other confidential data on the target system.
Affected Products
- Doom Launcher version 3.8.1.0
Discovery Timeline
- 2026-03-16 - CVE CVE-2025-66687 published to NVD
- 2026-03-17 - Last updated in NVD database
Technical Details for CVE-2025-66687
Vulnerability Analysis
This directory traversal vulnerability exists in Doom Launcher's file extraction functionality. When processing game files, the application fails to properly validate or sanitize file paths before extraction. This allows an attacker to craft malicious archive files containing path traversal sequences that escape the intended extraction directory.
The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), which occurs when software uses external input to construct a pathname that should be within a restricted directory, but fails to properly neutralize sequences like ../ that can resolve to a location outside of that directory.
Root Cause
The root cause of this vulnerability is the absence of proper input validation and path canonicalization during the game file extraction process in Doom Launcher. When extracting files from archives, the application directly uses the file paths embedded within the archive without verifying that the resulting extraction path remains within the designated output directory. This allows specially crafted archives to write files to arbitrary locations on the filesystem.
Attack Vector
The attack vector for this vulnerability is network-based, requiring no privileges or user interaction. An attacker could distribute a malicious game file archive through community forums, mod repositories, or other channels where Doom players download content. When a victim attempts to extract the malicious archive using Doom Launcher, the embedded traversal sequences cause files to be written or read from locations outside the intended game directory.
A typical exploitation scenario involves crafting an archive containing filenames with path traversal sequences such as ../../sensitive_location/malicious_file. When the vulnerable Doom Launcher extracts this archive, it follows the traversal path literally instead of restricting output to the designated folder.
For detailed technical information regarding this vulnerability, refer to the GitHub Issue Report and the Jeroscope Security Advisory.
Detection Methods for CVE-2025-66687
Indicators of Compromise
- Unexpected files appearing outside Doom Launcher's game file directories
- Archive extraction logs showing file paths containing ../ sequences
- Modified or new files in sensitive system directories following game file extraction operations
- Suspicious archive files with embedded path traversal sequences in filename entries
Detection Strategies
- Monitor file system activity during Doom Launcher execution for writes outside expected directories
- Implement file integrity monitoring on critical system directories
- Scan downloaded game archives for path traversal sequences before extraction
- Review Doom Launcher logs for extraction errors or unusual path references
Monitoring Recommendations
- Enable verbose logging for Doom Launcher file operations if available
- Deploy endpoint detection solutions to identify directory traversal attack patterns
- Monitor network traffic for downloads of game archives from untrusted sources
- Implement SentinelOne's behavioral AI to detect anomalous file system access patterns during application execution
How to Mitigate CVE-2025-66687
Immediate Actions Required
- Avoid extracting game files or archives from untrusted sources until a patch is available
- Manually inspect archive contents before extraction using trusted archive tools
- Run Doom Launcher in a sandboxed environment or with restricted file system permissions
- Monitor for updates from the Doom Launcher development team
Patch Information
At the time of publication, no official patch information has been released for this vulnerability. Users should monitor the GitHub Issue Report for updates from the Doom Launcher maintainers regarding a security fix.
Workarounds
- Only download and extract game files from trusted, verified sources
- Use alternative archive extraction tools that implement path traversal protections before importing files into Doom Launcher
- Configure file system permissions to restrict Doom Launcher's write access to only its designated directories
- Consider using application sandboxing solutions to limit the impact of potential exploitation
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
