You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Litematica Mod has recently been exposed to a serious vulnerability, and your device may be controlled by hackers.
Vulnerability Overview
This critical vulnerability stems from a path traversal flaw in the file processing logic of the Litematica projection mod. It enables malicious server operators to execute arbitrary code and write files onto connected clients' systems, constituting a zero-day Remote Code Execution (RCE) risk. This issue is currently being actively exploited in the wild.
Attack Mechanism
Attackers are deploying honeypot servers—often disguised as free or item-duplication servers—to target specific gaming communities. Upon joining such a server, a Remote Access Trojan (RAT) is silently installed on the player's device. After the game is restarted, the malware activates, granting attackers full remote control over the victim's system, including mouse and keyboard inputs. This can lead to complete device compromise, credential theft, and the installation of persistent backdoors for follow-up attacks.
Technical Details
Litematica synchronizes files with servers via the network channel servux:litematics. In vulnerable versions, the mod fails to sanitize or validate filenames provided by the server. By sending a crafted filename containing path-traversal sequences (e.g., ../../malicious.bat), a malicious server can trick the client into writing the payload to an arbitrary location on the filesystem. This arbitrary file write primitive ultimately paves the way for remote code execution and full system takeover.
This description is not from the official community, but a summary based on the information provided on the Internet. Please identify the authenticity before dissemination.
Caution
Litematica Mod has recently been exposed to a serious vulnerability, and your device may be controlled by hackers.
Vulnerability Overview
This critical vulnerability stems from a path traversal flaw in the file processing logic of the Litematica projection mod. It enables malicious server operators to execute arbitrary code and write files onto connected clients' systems, constituting a zero-day Remote Code Execution (RCE) risk. This issue is currently being actively exploited in the wild.
Attack Mechanism
Attackers are deploying honeypot servers—often disguised as free or item-duplication servers—to target specific gaming communities. Upon joining such a server, a Remote Access Trojan (RAT) is silently installed on the player's device. After the game is restarted, the malware activates, granting attackers full remote control over the victim's system, including mouse and keyboard inputs. This can lead to complete device compromise, credential theft, and the installation of persistent backdoors for follow-up attacks.
Technical Details
Litematica synchronizes files with servers via the network channel
servux:litematics. In vulnerable versions, the mod fails to sanitize or validate filenames provided by the server. By sending a crafted filename containing path-traversal sequences (e.g.,../../malicious.bat), a malicious server can trick the client into writing the payload to an arbitrary location on the filesystem. This arbitrary file write primitive ultimately paves the way for remote code execution and full system takeover.Minimum Security Version
References: https://www.bilibili.com/video/BV1ZbMx6oEoz