CVE-2025-48957

HIGH

AstrBot 3.4.4-3.5.12 - Path Traversal and Information Disclosure via Dashboard Feature

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-48957. PoCs published by iSee857, Acczdy.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2025-48957, specifically targeting an arbitrary file read vulnerability in AstrBot. The script demonstrates the vulnerability by sending crafted requests to read files from the target system.

Description

AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability has been addressed in Pull Request #1676 and is included in version 3.5.13. As a workaround, users can edit the `cmd_config.json` file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue.

Exploits (2)

github WORKING POC 40 stars
by iSee857 · pythonpoc
https://github.com/iSee857/CVE-PoC/tree/main/AstrBot-CVE-2025-48957-ReadAnyFile.py

The repository contains a functional exploit PoC for CVE-2025-48957, specifically targeting an arbitrary file read vulnerability in AstrBot. The script demonstrates the vulnerability by sending crafted requests to read files from the target system.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: AstrBot
No auth needed
Prerequisites: network access to the target system
devstral-2 · analyzed Feb 27, 2026 Full analysis →
github WRITEUP
by Acczdy · pythonpoc
https://github.com/Acczdy/CVE-Vault/tree/master/CVE-2025-48957

This is a detailed technical writeup of CVE-2025-48957, a path traversal vulnerability in AstrBot Dashboard versions 3.4.4 to 3.5.12. It includes vulnerability analysis, exploitation steps, and mitigation recommendations.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: AstrBot Dashboard 3.4.4 - 3.5.12
No auth needed
Prerequisites: Access to the vulnerable endpoint /api/chat/get_file
devstral-2 · analyzed Apr 10, 2026 Full analysis →

References (6)

Core 6

Scores

CVSS v3 7.5
EPSS 0.0106
EPSS Percentile 78.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22 CWE-23
Status published
Products (2)
astrbot/astrbot 3.4.4 - 3.5.13
pypi/astrbot 3.4.4 - 3.5.13PyPI
Published Jun 02, 2025
Tracked Since Feb 18, 2026