CVE-2025-57698

Published: Nov 7, 2025

Modified: Nov 12, 2025

PUBLISHED

Description

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validity of the filename. The variable file_path is then passed as a parameter to the function `file.save`, so that the file in the request body can be saved to any location in the file system through directory traversal.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/DYX217/vulnerability-explore/blob/main/2/README.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-57698

Description

Affected Products

References