CNNVD-202510-2098 Information

CNNVD ID

CNNVD-202510-2098

CVE-2025-62378

  • CNNVD Published: 2025-10-15

Description (Chinese)

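CommandKit is an open-source development tool from Under Ctrl for building Discord bots. CommandKit versions 1.2.0-rc.1 through 1.2.0-rc.11 contain a security vulnerability that stems from a logic flaw in the message command handler, which may lead to unauthorized command execution or inaccurate access control decisions.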

Description (English)

CommandKit is an open-source tool from Under Ctrl for developing Discord bots. Versions 1.2.0-rc.1 to 1.2.0-rc.11 contain a security vulnerability that stems from a logic flaw in the message command handler, which may lead to unauthorized commands being executed or inaccurate access control decisions.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Under Ctrl

Published

2025-10-15

Last Modified

2026-02-24

References

https://github.com/underctrl-io/commandkit/security/advisories/GHSA-fhwm-pc6r-4h2f

https://access.redhat.com/security/cve/cve-2025-62378

Patch

https://github.com/underctrl-io/commandkit/releases
