Description

AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a workaround, users can edit the `cmd_config.json` file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue.

INFO

Published Date :

2025-06-02T11:16:14.370Z

Last Modified :

2025-06-23T18:03:57.703Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48957 vulnerability.

Vendors Products
Astrbot
  • Astrbot
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48957.

URL Resource
https://github.com/AstrBotDevs/AstrBot/commit/cceadf222c46813c7f41115b40d371e7eb91e492 cve-icon cve-icon
https://github.com/AstrBotDevs/AstrBot/issues/1675 cve-icon cve-icon
https://github.com/AstrBotDevs/AstrBot/pull/1676 cve-icon cve-icon
https://github.com/AstrBotDevs/AstrBot/security/advisories/GHSA-cq37-g2qp-3c2p cve-icon cve-icon cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-48957-detect-astrbot-dashboard-vulnerability?prevUrl=wizard cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-48957-mitigate-astrbot-dashboard-vulnerability?prevUrl=wizard cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact