Description
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Death1Clown/VoidBot_open-source/security/advisories/GHSA-6rr8-9c8q-m5rv
Various Sources x_refsource_misc
https://discordjs.guide/popular-topics/permissions.html
Scores
CVSS v4: 8.7
EPSS: 0.0032
EPSS Percentile: 24.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-863
Status: published
Products (1): Death1Clown/VoidBot_open-source, >= 0.0.1, < 1.0.0
Published: Jul 16, 2025
Tracked Since: Feb 18, 2026