
CVE-2025-55449: AstrBot is vulnerable to RCE with hard-coded JWT signing keys

CVSS Score
9.8 (CVSS 3.1)

Basic Information

EPSS Score
-
Published
11/14/2025
Updated
11/14/2025
KEV Status
No
Technology
Python

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name
astrbot
Ecosystem
pip
Vulnerable Versions
< 3.5.18
First Patched Version
3.5.18

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from a hard-coded JWT signing key, WEBUI_SK, which was defined in astrbot/core/__init__.py. This static, publicly known key was used to both sign and verify authentication tokens. The function Auth.generate_jwt used this key to create tokens, while the DashboardServer.auth_middleware function used the same key to validate tokens for protected routes. An attacker could leverage this knowledge to generate their own valid token, bypassing authentication entirely. Once authenticated, they could access sensitive functionality, such as the plugin installation endpoint mentioned in the vulnerability description, to achieve remote code execution. The patch remediates this by removing the hard-coded key and implementing a system where a unique, random JWT secret is generated and stored in the application's configuration upon first run.

Vulnerable functions

Auth.generate_jwt
astrbot/dashboard/routes/auth.py
This function used a hard-coded secret ('WEBUI_SK') to sign JSON Web Tokens. An attacker with knowledge of this static key could forge valid authentication tokens to impersonate any user.
DashboardServer.auth_middleware
astrbot/dashboard/server.py
This middleware function verified JSON Web Tokens using a hard-coded secret ('WEBUI_SK'). This allowed an attacker to bypass authentication by providing a self-signed token using the known secret, leading to unauthorized access to protected endpoints and subsequent remote code execution.
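The two functions above share one weakness: the key that signs tokens and the key that checks them is a constant shipped in source, so the verification step proves nothing about who minted the token. The block below is an added example, not AstrBot's code, showing the pattern the analysis describes and the remediation it names: an HS256 signer and verifier (standard library only) and a loader that generates a random per-installation secret on first run and persists it in the configuration mapping. The config structure, the helper names, and the constructed default-key value are assumptions of this example; the real WEBUI_SK value is not reproduced.

```python
# Added example (not AstrBot's code): HS256 JWT signing and verification with a
# per-installation secret, beside the hard-coded-key pattern this advisory describes.
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for a static key shipped in source. Values in this set are
# treated as burned: they must never be accepted as a live signing secret.
KNOWN_DEFAULT_SECRETS = {"demo-static-signing-key"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: str) -> str:
    """Compact JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    mac = hmac.new(secret.encode("utf-8"), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify_jwt(token: str, secret: str, now: Optional[float] = None) -> Optional[dict]:
    """Middleware-style check: return the claims only if signature and expiry hold."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, mac_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        presented = _b64url_decode(mac_b64)
    except ValueError:  # bad base64 or bad JSON
        return None
    # Pin the algorithm server-side; the token header must not get to choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret.encode("utf-8"), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        return None
    current = time.time() if now is None else now
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= current:
        return None
    return claims


def secret_is_acceptable(secret: str) -> bool:
    """Deployment check: refuse known shipped defaults and short secrets."""
    return secret not in KNOWN_DEFAULT_SECRETS and len(secret) >= 32


def load_or_create_jwt_secret(config: dict) -> str:
    """Remediation pattern: generate a unique random secret on first run, store it in
    the configuration, and reuse it afterwards. `config` stands in for the persisted
    configuration mapping (an assumption of this example)."""
    current = config.get("jwt_secret")
    if not current or not secret_is_acceptable(current):
        config["jwt_secret"] = secrets.token_urlsafe(32)
    return config["jwt_secret"]


def demo() -> dict:
    """Show which tokens the verifier accepts once a per-install secret is in use."""
    config: dict = {}  # constructed in-memory stand-in for the config store
    secret = load_or_create_jwt_secret(config)
    now = 1_700_000_000.0
    fresh = sign_jwt({"sub": "admin", "exp": now + 3600}, secret)
    stale = sign_jwt({"sub": "admin", "exp": now - 1}, secret)
    # Regression check for the fix: a token under the old static key must not validate.
    default_keyed = sign_jwt({"sub": "admin", "exp": now + 3600}, "demo-static-signing-key")
    return {
        "per_install_token_accepted": verify_jwt(fresh, secret, now) is not None,
        "expired_token_rejected": verify_jwt(stale, secret, now) is None,
        "default_key_token_rejected": verify_jwt(default_keyed, secret, now) is None,
        "secret_stable_across_runs": load_or_create_jwt_secret(config) == secret,
        "second_install_gets_own_secret": load_or_create_jwt_secret({}) != secret,
    }


if __name__ == "__main__":
    print(demo())
```

The `secret_is_acceptable` check is the piece worth wiring into startup or a deployment audit: it turns "is the shipped default still in use?" into a hard failure instead of something discovered after the fact.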

WAF Protection Rules

WAF Rule

Summary: AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details: AstrBot uses a hard-coded JWT signing key (https://github.com/AstrBotDevs/AstrBot/blob/v*.*.**/as
