CNNVD-202511-801 Information

CNNVD ID

CNNVD-202511-801

CVE-2025-57697

  • CNNVD Published: 2025-11-07

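Description (translated from Chinese)

AstrBot is an open-source multi-platform LLM chatbot and development framework from AstrBot. AstrBot v3.5.22 contains a security vulnerability: the _encode_image_bs64 function does not validate the image path, which may lead to arbitrary file read and data disclosure.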

Description (English)

AstrBot is an open-source, multi-platform LLM chatbot and development framework. The vulnerability in AstrBot v3.5.22 arises because the _encode_image_bs64 function does not verify the validity of the image path, which may lead to arbitrary file read and data leakage.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

AstrBot

Published

2025-11-07

Last Modified

2026-02-24

References

https://github.com/DYX217/vulnerability-explore/blob/main/1/README.md

Patch

https://astrbot.app/
