CNNVD-202511-807 Information
Nov 07, 2025
cve
CNNVD ID
CNNVD-202511-807
Related CVE
- CNNVD Published: 2025-11-07
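Description (translated from Chinese)
AstrBot is an open-source multi-platform LLM chatbot and development framework from AstrBot. AstrBot v3.5.22 contains a security vulnerability caused by improper handling of the filename parameter in the file /plugin/install-upload, which may lead to a directory traversal attack.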
Description (English)
AstrBot is an open-source multi-platform LLM chatbot and development framework from AstrBot. AstrBot v3.5.22 contains a security vulnerability that stems from improper handling of the filename parameter in the file /plugin/install-upload, which could lead to a directory traversal attack.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
AstrBot
Published
2025-11-07
Last Modified
2026-02-24
References
https://github.com/DYX217/vulnerability-explore/blob/main/2/README.md