AstrBot Project, Arbitrary File Read, CVE-2025-57697 (Critical)


The vulnerability resides in the `_encode_image_bs64` function in the `entities.py` file of AstrBot Project v3.5.22. This function is intended to open an image file whose path the user supplies in the request body, read its contents, and return them as a base64-encoded string. However, it performs no validation or sanitization of the user-supplied file path parameter. Attackers can exploit this by submitting crafted HTTP requests with manipulated path strings, such as ones containing directory traversal sequences like `../../`, and thereby redirect the file open operation to arbitrary locations on the server filesystem. The function uses Python’s `open()` call without restrictions, so any file readable by the application process can be accessed. Sensitive targets include system files (e.g., /etc/passwd, /etc/shadow), application configuration files, and source code. The base64-encoded content of the file is then returned directly in the server response, and an attacker can simply decode it to obtain the plaintext contents. The issue is remotely exploitable without authentication, requiring only interaction with the vulnerable endpoint. The core flaw is implicit trust in user-controlled input for filesystem operations, a critical oversight in secure coding practice.
Platform: AstrBot Project
Version: v3.5.22
Vulnerability: Arbitrary file read
Severity: Critical
Date: 11/07/2025

Prediction: Expected Q4 2025

What Undercode Says:

Analytics

bash: curl -X POST http://target/api/endpoint -d 'image_path=../../etc/passwd'

python: import base64; file_content = base64.b64decode(response_text)

How to Exploit:

Craft malicious POST request with traversal sequences in image_path parameter to read system files.

Protection from this CVE

Validate and sanitize file paths, implement directory whitelisting, restrict application permissions.
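As an added example (not AstrBot's code and not the project's actual patch), the following Python shows how an image-to-base64 helper can confine user-supplied paths to an allow-listed directory: the path is joined to a base directory, resolved to its real filesystem location, and rejected unless it stays under that directory, carries an image extension, and is a regular file. The names `safe_encode_image_b64` and `demo`, the `base_dir` parameter, the extension allow-list and the stub image file are assumptions constructed for this example.

```python
"""Added example (not AstrBot's code): confine user-supplied image paths to an
allow-listed directory before opening them, as a mitigation for the
path-traversal pattern described in this advisory.

The function names, the base_dir parameter and the allow-list are
assumptions for the example; the project's real fix may differ."""
import base64
import tempfile
from pathlib import Path

# Constructed allow-list of image extensions for the example.
ALLOWED_SUFFIXES = {".png", ".jpg", ".jpeg", ".gif", ".webp"}


def safe_encode_image_b64(user_path: str, base_dir: str) -> str:
    """Return the base64 content of user_path, but only if it resolves to a
    regular image file inside base_dir. Raises ValueError otherwise."""
    root = Path(base_dir).resolve()
    # Join, then resolve symlinks and '..' segments so the comparison is made
    # on the real filesystem location, not on the string the client sent.
    # An absolute user_path replaces root entirely when joined and is then
    # rejected by the containment check below.
    candidate = (root / user_path).resolve()
    # Path.is_relative_to requires Python 3.9+.
    if not candidate.is_relative_to(root):
        raise ValueError("path escapes the image directory")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError("not an allowed image type")
    if not candidate.is_file():
        raise ValueError("not a regular file")
    with open(candidate, "rb") as fh:
        return base64.b64encode(fh.read()).decode("ascii")


def demo() -> dict:
    """Build a constructed image directory and show accept/reject outcomes
    for a normal name, two traversal attempts and an absolute path."""
    with tempfile.TemporaryDirectory() as tmp:
        img_dir = Path(tmp) / "images"
        img_dir.mkdir()
        # Constructed stub: just the 8-byte PNG signature.
        (img_dir / "avatar.png").write_bytes(b"\x89PNG\r\n\x1a\n")
        results = {}
        for p in ("avatar.png", "../../etc/passwd",
                  "/etc/passwd", "../images/avatar.png"):
            try:
                results[p] = safe_encode_image_b64(p, str(img_dir))
            except ValueError as exc:
                results[p] = f"rejected: {exc}"
        return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```

Running `demo()` shows that `../images/avatar.png` is accepted because the resolved path still lands inside the directory, while `../../etc/passwd` and the absolute `/etc/passwd` are rejected. Comparing on the resolved path rather than on the raw string is also what defeats a symlink inside the image directory that points elsewhere. The check complements, rather than replaces, the permission restriction the advisory mentions: the service account should only be able to read the files it actually needs.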

Impact:

Sensitive data disclosure, credential theft, system information leakage.


Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
