7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-48957

CVE-2025-48957: AstrBot Has Path Traversal Vulnerability in /api/chat/get_file

Impact

This vulnerability may lead to:

Information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data.

Reproduce

Follow these steps to set up a test environment for reproducing the vulnerability:

Install dependencies and clone the repository:

pip install uv
git clone https://github.com/AstrBotDevs/AstrBot && cd AstrBot
uv run main.py

Alternatively, deploy the program via pip:

mkdir astrbot && cd astrbot
uvx astrbot init
uvx astrbot run

In another terminal, run the following command to exploit the vulnerability:

curl -L http://0.0.0.0:6185/api/chat/get_file?filename=../../../data/cmd_config.json

This request will read the cmd_config.json config file, leading to the leakage of sensitive data such as LLM API keys, usernames, and password hashes (MD5).

Patches

The vulnerability has been addressed in Pull Request #1676 and is included in versions >= v3.5.13. All users are strongly encouraged to upgrade to v3.5.13 or later.

Workarounds

Users can edit the cmd_config.json file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later as soon as possible to fully resolve this issue.

References

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-48957

CVE-2025-48957:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
astrbot	pip	>= 3.4.4, <= 3.5.12	3.5.13

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a path traversal in the /api/chat/get_file endpoint, which is handled by the get_file method of the ChatView class in astrbot/dashboard/routes/chat.py. The provided commit cceadf222c46813c7f41115b40d371e7eb91e492 shows the exact changes made to this function to fix the vulnerability. Specifically, the original code concatenated a user-provided filename with a base directory without proper sanitization. The patch introduces the use of os.path.basename() to extract only the filename and os.path.realpath() to resolve the absolute path, followed by a check to ensure this path is within the allowed self.imgs_dir. This directly addresses the path traversal. The exploit curl -L http://0.0.0.0:6185/api/chat/get_file?filename=../../../data/cmd_config.json confirms that this endpoint and the filename parameter were the vector for the attack. The auth_middleware function in astrbot/dashboard/server.py was also modified to remove /api/chat/get_file from allowed_endpoints that bypass authentication, which is a secondary hardening measure but the primary flaw was in get_file's handling of the filename parameter.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-48957: AstrBot Has Path Traversal Vulnerability in /api/chat/get_file

Impact

Reproduce

Patches

Workarounds

References

CVE-2025-48957:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

7.5

7.5

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

CVE-2025-48957: AstrBot Has Path Traversal Vulnerability in /api/chat/get_file

Impact

Reproduce

Patches

Workarounds

References

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI