CVE-2025-48957
Published: 02 June 2025
Summary
CVE-2025-48957 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Astrbot Astrbot. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Privacy and Disclosure risk domain.
Deeper analysis
AstrBot is a large language model chatbot and development framework that contains a path traversal vulnerability in versions 3.4.4 through 3.5.12. The flaw, tracked under CWE-22 and CWE-23, permits unauthorized access to files outside intended directories and can expose sensitive information including API keys for LLM providers, account passwords, and other configuration data. It carries a CVSS 3.1 score of 7.5 reflecting network attack vector, low complexity, and no required authentication or user interaction.
An unauthenticated remote attacker can send crafted requests to the dashboard component over the network to read arbitrary files on the host system, achieving high-impact confidentiality exposure without affecting integrity or availability.
The vulnerability was corrected in pull request 1676 and released in version 3.5.13. Official guidance recommends upgrading to 3.5.13 or later; as a temporary workaround users may edit cmd_config.json to disable the dashboard feature. The associated GitHub security advisory and commit references provide the patch details and confirmation of the fix.
The affected software is an LLM chatbot framework, placing the issue in an AI/ML context, though the EPSS score has remained flat at 0.0106 with no indicated rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16634
Vulnerability details
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data. The vulnerability…
more
has been addressed in Pull Request #1676 and is included in version 3.5.13. As a workaround, users can edit the `cmd_config.json` file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later to fully resolve this issue.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: large language model, llm
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in AstrBot dashboard (public-facing web app) enables exploitation (T1190), file/directory discovery via traversal (T1083), and disclosure of credentials like API keys/passwords in config files (T1552.001).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.