Skip to content

[Serious] Litematica Mod Emergency refuge #60

Description

@EndlessPixel

Caution

Litematica Mod has recently been exposed to a serious vulnerability, and your device may be controlled by hackers.

Vulnerability Overview

This critical vulnerability stems from a path traversal flaw in the file processing logic of the Litematica projection mod. It enables malicious server operators to execute arbitrary code and write files onto connected clients' systems, constituting a zero-day Remote Code Execution (RCE) risk. This issue is currently being actively exploited in the wild.

Attack Mechanism
Attackers are deploying honeypot servers—often disguised as free or item-duplication servers—to target specific gaming communities. Upon joining such a server, a Remote Access Trojan (RAT) is silently installed on the player's device. After the game is restarted, the malware activates, granting attackers full remote control over the victim's system, including mouse and keyboard inputs. This can lead to complete device compromise, credential theft, and the installation of persistent backdoors for follow-up attacks.

Technical Details
Litematica synchronizes files with servers via the network channel servux:litematics. In vulnerable versions, the mod fails to sanitize or validate filenames provided by the server. By sending a crafted filename containing path-traversal sequences (e.g., ../../malicious.bat), a malicious server can trick the client into writing the payload to an arbitrary location on the filesystem. This arbitrary file write primitive ultimately paves the way for remote code execution and full system takeover.

This description is not from the official community, but a summary based on the information provided on the Internet. Please identify the authenticity before dissemination.

Minimum Security Version

Minecraft Litematica Mod EndlesPixel Modpack
1.21.11 0.26.11 1.21.11-3.9
26.1.2 0.27.9 26.1.2-1.8
26.2 0.28.3 26.2-a5

References: https://www.bilibili.com/video/BV1ZbMx6oEoz

Metadata

Metadata

Assignees

No one assigned

    Labels

    repair-completedFix has been completedsecurityVulnerability or exposure riskupstream-issueRoot cause in upstream code

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions