{"data":{"id":"b2853608-43e1-4676-b0a4-a4e0e06b6502","title":"CVE-2025-48957: AstrBot is a large language model chatbot and development framework. A path traversal vulnerability is present in versions 3.4.4 through 3.5.12.","summary":"AstrBot, a chatbot and development framework powered by large language models (LLMs, AI systems trained on large amounts of text data), has a path traversal vulnerability (a flaw that lets attackers access files they shouldn't be able to reach) in versions 3.4.4 through 3.5.12 that could expose sensitive information like API keys (credentials used to access external services) and passwords. The vulnerability was fixed in version 3.5.13.","solution":"Upgrade to version 3.5.13 or later. As a temporary workaround, users can edit the `cmd_config.json` file to disable the dashboard feature.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-48957","publishedAt":"2025-06-02T12:15:25.680Z","cveId":"CVE-2025-48957","cweIds":["CWE-23","CWE-22"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["AstrBot"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00347,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}