CVE-2025-57697 - AstrBot Project File Read Vulnerability

CVE ID: CVE-2025-57697

Published: Nov. 7, 2025, 6:15 p.m.

Description: AstrBot Project v3.5.22 has an arbitrary file read vulnerability in the function _encode_image_bs64. The function, defined in entities.py, opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, so attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage.

Severity: 0.0 | NA
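The missing path check, as an added example that is not AstrBot's code: an unchecked encoder of the kind the description names, next to a variant that confines the requested path to one image directory and verifies the file's magic bytes. The function names, the allowed-directory policy and the sample files are assumptions made for illustration, and only local paths are covered.

```python
import base64
import tempfile
from pathlib import Path

# Magic-byte prefixes of the image types this sketch accepts (assumed policy).
IMAGE_MAGIC = (b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff", b"GIF87a", b"GIF89a")


def encode_image_unchecked(path: str) -> str:
    """The pattern the advisory describes: any readable path is returned."""
    with open(path, "rb") as f:
        return base64.b64encode(f.read()).decode("ascii")


def encode_image_checked(path: str, allowed_dir: str) -> str:
    """Hypothetical hardened variant: confine the path, then verify content."""
    base = Path(allowed_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks before the comparison.
    target = (base / path).resolve(strict=True)
    if not target.is_relative_to(base) or not target.is_file():
        raise PermissionError(f"path outside image directory: {path!r}")
    data = target.read_bytes()
    if not data.startswith(IMAGE_MAGIC):
        raise ValueError("file is not a recognised image")
    return base64.b64encode(data).decode("ascii")


def demo() -> dict:
    """Run both variants over constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        images = Path(root, "images")
        images.mkdir()
        (images / "ok.png").write_bytes(IMAGE_MAGIC[0] + b"constructed")
        secret = Path(root, "config.json")
        secret.write_text('{"api_key": "constructed-sample"}')
        results = {"unchecked_leaks": bool(encode_image_unchecked(str(secret)))}
        results["valid_image"] = encode_image_checked("ok.png", str(images))
        for name, req in (("traversal", "../config.json"), ("absolute", str(secret))):
            try:
                encode_image_checked(req, str(images))
                results[name] = "read"
            except (PermissionError, FileNotFoundError) as exc:
                results[name] = type(exc).__name__
        return results


if __name__ == "__main__":
    print(demo())
```

The containment test runs on the fully resolved path, so a symlink placed inside the image directory that points elsewhere is rejected as well.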
