CVE-2025-57697

Published: Nov 7, 2025

Modified: Nov 12, 2025

PUBLISHED

Description

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/DYX217/vulnerability-explore/blob/main/1/README.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57697

Description

Affected Products

References