Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Local low-privilege access required (AV:L, PR:L); I:L added over vendor vector because symlink redirect also deposits extracted files into unauthorized directories, constituting a write-anywhere primitive.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 7 pypi packages depend on chatterbot (6 direct, 1 indirect)
Ecosystem-wide dependent count for version 1.2.14.
DescriptionCVE.org
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract() uses a predictable home-rooted output directory (~/ubuntu_data/ubuntu_dialogs) with a check-then-create pattern followed by tar.extractall(path=self.data_path), allowing a local attacker who pre-plants a symlink at the predictable path to cause archive contents to be written through the symlink to an attacker-chosen directory. This issue is fixed in version 1.2.14.
AnalysisAI
Symlink-based extraction redirect in ChatterBot prior to 1.2.14 enables a local attacker with standard user privileges to cause training corpus archive contents to be written to an attacker-controlled directory by pre-planting a symlink at the predictable path ~/ubuntu_data/ubuntu_dialogs before UbuntuCorpusTrainer.extract() runs. The check-then-create pattern preceding tar.extractall() creates a CWE-367 TOCTOU window that, on shared multi-user systems, allows the attacker to intercept the extraction target without any race if the symlink is planted before the first training run. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local attacker with a valid user account on the same multi-user system as the victim. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) reflects local exploitation requiring only a standard user account, with low attack complexity given the predictable and stable target path. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local attacker on a shared Linux server - such as a shared development host or a university compute cluster - learns that a victim user periodically retrains a ChatterBot model using UbuntuCorpusTrainer. Before the victim's first training run, the attacker creates a symlink at ~/victim_home/ubuntu_data/ubuntu_dialogs (if they have write access to that path) or simply waits for the victim to attempt creation and wins the race, redirecting it to /tmp/attacker_drop or another world-writable location the attacker monitors. … |
| Remediation | Upgrade to ChatterBot version 1.2.14 or later, which resolves the TOCTOU symlink vulnerability in UbuntuCorpusTrainer.extract() via fix commit 82817b5c28bfd43e682b991bcc76e6f780726dbf (PR #2445: https://github.com/gunthercox/ChatterBot/pull/2445). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Chatterbot
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42685