QwikSec

Security Database

CVE

CWE

Training

CVE-2025-59835

Published: Oct 2, 2025

Modified: Oct 2, 2025

PUBLISHED

Description

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.

Vendor	Product	Versions
langbot-app	LangBot	affected `>= 4.1.0, < 4.3.5`

Weaknesses (CWE)

References

https://github.com/langbot-app/LangBot/security/advisories/GHSA-7j3j-qj83-9qv4

x_refsource_CONFIRM

https://github.com/langbot-app/LangBot/pull/1691

x_refsource_MISC

https://github.com/langbot-app/LangBot/releases/tag/v4.3.5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.