Moderate severity · NVD Advisory · Published Nov 7, 2025 · Updated Nov 12, 2025
CVE-2025-57697
Description
AstrBot Project v3.5.22 has an arbitrary file read vulnerability in the function `_encode_image_bs64`. Because `_encode_image_bs64`, defined in `entities.py`, opens the image path supplied by the user in the request body and returns the file content as a base64-encoded string without validating that path, attackers can construct malicious URLs to read any specified file, resulting in sensitive data leakage.
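The root cause described above is a file-to-base64 helper that trusts a user-controlled path. The following is an added example, not AstrBot's code and not the patch for this CVE; it shows the check a hardened version of such a helper needs. It confines the supplied path to one image directory by comparing canonical (resolved) paths, so `..` segments and symlinks that point outside the directory are rejected, and it restricts the file type. All names (`resolve_inside`, `encode_image_bs64_safe`, `ALLOWED_SUFFIXES`, the sample files) are hypothetical and constructed for the demo.

```python
import base64
import tempfile
from pathlib import Path

# Hypothetical allow-list of image types (assumption, not AstrBot's configuration).
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".webp"}


def resolve_inside(base_dir: Path, user_path: str) -> Path:
    """Resolve user_path and require the canonical result to stay under base_dir."""
    base = base_dir.resolve(strict=True)
    candidate = Path(user_path)
    # An absolute user path would replace base entirely when joined, so refuse it outright.
    if candidate.is_absolute():
        raise ValueError("absolute paths are not allowed")
    # resolve() collapses '..' and follows symlinks; the containment check is
    # therefore made on the real target, not on the string the client sent.
    target = (base / candidate).resolve()
    try:
        target.relative_to(base)
    except ValueError:
        raise ValueError("path escapes the image directory") from None
    return target


def encode_image_bs64_safe(base_dir: Path, user_path: str) -> str:
    """Hardened equivalent of a 'read image, return base64' helper."""
    target = resolve_inside(base_dir, user_path)
    if target.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError("not an allowed image type")
    if not target.is_file():
        raise ValueError("not a regular file")
    return base64.b64encode(target.read_bytes()).decode("ascii")


def _outcome(base_dir: Path, probe: str) -> str:
    try:
        encode_image_bs64_safe(base_dir, probe)
        return "allowed"
    except ValueError:
        return "blocked"


def demo() -> dict:
    """Exercise the check against a constructed sandbox; returns per-case outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        images = root / "images"
        images.mkdir()
        sample = b"\x89PNG-constructed-sample"          # constructed, not a real PNG
        (images / "ok.png").write_bytes(sample)
        secret = root / "secret.txt"                     # constructed file outside images/
        secret.write_text("constructed secret")

        # Symlink inside images/ that points outside it (skipped where symlinks are unavailable).
        link = images / "evil.png"
        try:
            link.symlink_to(secret)
            results["symlink"] = _outcome(images, "evil.png")
        except (OSError, NotImplementedError):
            results["symlink"] = "skipped"

        encoded = encode_image_bs64_safe(images, "ok.png")
        results["valid_roundtrip"] = base64.b64decode(encoded) == sample
        results["traversal"] = _outcome(images, "../secret.txt")
        results["absolute"] = _outcome(images, str(secret))
        results["missing"] = _outcome(images, "nope.png")
        results["wrong_type"] = _outcome(images, "../secret.txt")
        # '..' that re-enters the directory is fine: the decision is on the canonical path.
        results["dotdot_inside"] = _outcome(images, "../images/ok.png")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:15s} {outcome}")
```

The containment test compares canonical paths rather than scanning the input for `..`, which is what makes the symlink case behave correctly; the type allow-list is a second, independent layer so that even a path inside the directory cannot be used to fetch arbitrary non-image files.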
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| AstrBot (PyPI) | <= 3.5.22 | — |
Affected products
- AstrBot / AstrBot Project