CVE-2025-55449
- EPSS 0.28%
- Published 08.05.2026 00:00:00
- Last modified 12.05.2026 13:49:53
AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.
CVE-2025-57698
- EPSS 0.68%
- Published 07.11.2025 00:00:00
- Last modified 05.12.2025 20:51:03
AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename ...
CVE-2025-57697
- EPSS 0.28%
- Published 07.11.2025 00:00:00
- Last modified 05.12.2025 20:42:56
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a...
CVE-2025-48957
- EPSS 0.62%
- Published 02.06.2025 11:16:14
- Last modified 25.06.2025 17:39:23
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitiv...