CVE-2025-57698
HIGH
AstrBot 3.5.22 - Path Traversal via Plugin Install-Upload Filename Handling
Title source: llmDescription
AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload for the endpoint '/plugin/install-upload' parses the filename from the user-supplied request body and assigns it directly to file_path without validating it. file_path is then passed as a parameter to `file.save`, so the file carried in the request body can be written to any location in the file system by way of directory traversal.
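A hardened form of the save step described above, as an added example that is not AstrBot's code: the client-supplied name is reduced to a single allow-listed path component and the resolved target is confirmed to sit inside the upload directory before anything is written. The helper names, the `.zip` allow-list and the upload directory are assumptions.

```python
# Added example (not AstrBot's code). Closes the gap described in the advisory,
# where a filename taken from the request body is joined into file_path and
# handed to file.save without any validation.
import re
from pathlib import Path

# Assumed allow-list: one plain path component, alphanumeric start, .zip archive.
_SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")
_ALLOWED_SUFFIXES = {".zip"}


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename could escape the upload directory."""


def safe_plugin_path(upload_dir: str, filename: str) -> Path:
    """Return the path under upload_dir where the uploaded archive may be saved."""
    # 1. Syntactic check: no separators, no leading dot, no '..', bounded length.
    if not _SAFE_NAME.fullmatch(filename):
        raise UnsafeFilename(f"rejected filename: {filename!r}")
    if Path(filename).suffix.lower() not in _ALLOWED_SUFFIXES:
        raise UnsafeFilename(f"unexpected extension: {filename!r}")
    # 2. Containment check on the resolved path, so a symlinked or oddly
    #    configured base directory cannot redirect the write elsewhere.
    base = Path(upload_dir).resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        raise UnsafeFilename(f"path escapes upload dir: {target}")
    return target


def is_safe_plugin_name(upload_dir: str, filename: str) -> bool:
    """Boolean wrapper, convenient for logging rejected uploads."""
    try:
        safe_plugin_path(upload_dir, filename)
    except UnsafeFilename:
        return False
    return True


def install_plugin_upload_hardened(upload_dir: str, filename: str, data: bytes) -> Path:
    """Hardened save step: validate first, then write (stands in for file.save)."""
    target = safe_plugin_path(upload_dir, filename)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_bytes(data)
    return target
```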
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://github.com/DYX217/vulnerability-explore/blob/main/2/README.md
Scores
CVSS v3
7.5
EPSS
0.0040
EPSS Percentile
60.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
astrbot/astrbot
3.5.22
pypi/AstrBot
0PyPI
Published
Nov 07, 2025
Tracked Since
Feb 18, 2026