CVE-2025-59835 in LangBotinfo

Zusammenfassung

von MITRE • 02.10.2025

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

22.09.2025

Veröffentlichung

02.10.2025

Moderieren

akzeptiert

Eintrag

VDB-326812

CPE

bereit

CWE

CWE-23 (bestätigt)

CVSS

6.3 (VulDB)

EPSS

0.00059

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-59835
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-59835
CVE Details	https://www.cvedetails.com/cve/CVE-2025-59835/

◂ Zurück Übersicht Weiter ▸

Do you need the next level of professionalism?

Upgrade your account now!