CVE-2025-57698
- EPSS 0.31%
- Published 07.11.2025 00:00:00
- Last modified 05.12.2025 20:51:03
AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename ...
CVE-2025-57697
- EPSS 0.05%
- Published 07.11.2025 00:00:00
- Last modified 05.12.2025 20:42:56
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a...
CVE-2025-48957
- EPSS 0.18%
- Published 02.06.2025 11:16:14
- Last modified 25.06.2025 17:39:23
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitiv...