Home > Vulnerability Database > CVE-2025-59835

Mend.io Vulnerability Database

CVE-2025-59835

Good to know:

Date: October 2, 2025

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.

Severity Score

9.9

Related Resources (5)

Url: https://github.com/langbot-app/LangBot/security/advisories/GHSA-7j3j-qj83-9qv4

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-59835

Url: https://github.com/langbot-app/LangBot/releases/tag/v4.3.5

Url: https://github.com/langbot-app/LangBot/pull/1691

Url: https://www.mend.io/vulnerability-database/CVE-2025-59835

Severity Score

9.9

Weakness Type (CWE)

Unrestricted Upload of File with Dangerous Type

CWE-434

Relative Path Traversal

CWE-23

Top Fix

Upgrade Version

Upgrade to version langbot - 4.5.1;https://github.com/langbot-app/LangBot.git - v4.3.5

Learn More

CVSS v3.1

Base Score:	9.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-59835

Good to know:

Date: October 2, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?