CVE-2022-35978 is a vulnerability identified in Minetest, an open-source voxel game engine known for its modding capabilities and game creation flexibility. The flaw exists in versions up to and including 5.5.1. Specifically, in single-player mode, a mod has the ability to set a global configuration that determines the Lua script loaded to display the main menu upon exiting the game session. The critical issue is that the Lua environment executing this menu script is not sandboxed, meaning it has unrestricted access to the user's system environment. Consequently, malicious or compromised mods can execute arbitrary Lua code with the same privileges as the user running Minetest, potentially leading to unauthorized system modifications, data corruption, or other malicious activities. Notably, there are currently no known workarounds or patches available to mitigate this vulnerability. The vulnerability is categorized under CWE-693 (Protection Mechanism Failure), highlighting a failure in enforcing proper security boundaries within the application. Although no known exploits have been reported in the wild, the ease of exploitation in single-player mode and the lack of sandboxing pose a significant risk to users who install untrusted or malicious mods. This vulnerability primarily affects the confidentiality and integrity of the user's system, with potential impacts on availability if destructive scripts are executed. Since the vulnerability requires no authentication beyond running a mod in single-player mode and no user interaction beyond exiting the game session, the attack vector is relatively straightforward for a local attacker or a user who installs a malicious mod unknowingly.

For European organizations, the direct impact of this vulnerability is likely limited due to Minetest's primary use as a gaming platform rather than enterprise software. However, organizations with employees or users who run Minetest on corporate or personal devices connected to organizational networks could face indirect risks. Malicious Lua scripts could compromise endpoint devices, leading to potential data leakage, unauthorized access, or lateral movement within corporate networks if the compromised device is connected to sensitive environments. Additionally, educational institutions or gaming communities in Europe that use Minetest for educational or recreational purposes may be at risk of system compromise. The vulnerability could also be exploited to deliver malware or ransomware payloads via malicious mods, impacting device availability and organizational productivity. Given the lack of sandboxing, the threat extends beyond the game environment to the underlying operating system, increasing the potential severity of attacks. However, the scope remains limited to single-player mode and requires mod installation, which somewhat constrains widespread exploitation in corporate environments.

To mitigate this vulnerability, European organizations and users should implement the following specific measures: 1) Restrict installation of Minetest mods to those obtained from trusted and verified sources only, employing digital signatures or checksums where possible to validate mod integrity. 2) Employ endpoint protection solutions capable of monitoring and restricting unauthorized script execution or suspicious behavior originating from user applications like Minetest. 3) Use application sandboxing or containerization technologies to isolate Minetest processes from critical system resources, thereby limiting the potential impact of malicious Lua scripts. 4) Educate users, especially in educational and gaming communities, about the risks of installing unverified mods and encourage safe modding practices. 5) Monitor system logs and network traffic for unusual activity following Minetest usage to detect potential exploitation attempts early. 6) Where feasible, run Minetest in restricted user accounts with minimal privileges to reduce the impact of any malicious code execution. 7) Stay informed on updates from the Minetest project for any forthcoming patches or security advisories addressing this vulnerability. Since no patches or workarounds currently exist, these proactive controls are critical to risk reduction.