Home > Vulnerability Database > CVE-2025-57698

Mend.io Vulnerability Database

CVE-2025-57698

Good to know:

Date: November 6, 2025

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validity of the filename. The variable file_path is then passed as a parameter to the function "file.save", so that the file in the request body can be saved to any location in the file system through directory traversal.

Severity Score

7.5

Related Resources (4)

Url: https://github.com/AstrBotDevs/AstrBot

Url: https://github.com/DYX217/vulnerability-explore/blob/main/2/README.md

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-57698

Url: https://www.mend.io/vulnerability-database/CVE-2025-57698

Severity Score

7.5

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-57698

Good to know:

Date: November 6, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?