Submit #847481: AstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (SSRF) (CWE-918)info

TitleAstrBotDevs AstrBot 4.25.2 Server-Side Request Forgery (SSRF) (CWE-918)
Description# Technical Details A Server-Side Request Forgery exists in the `[dashboard.routes.plugin.install_plugin -> PluginManager.install_plugin -> PluginUpdator.install -> RepoZipUpdator._download_file]` method chain in `astrbot/dashboard/routes/plugin.py`, `astrbot/core/star/star_manager.py`, `astrbot/core/star/updator.py`, and `astrbot/core/zip_updator.py` of AstrBot. The application fails to validate attacker-controlled `download_url` values before using them as the server-side archive download target. It does not restrict scheme, hostname, resolved IP, or redirect destinations, and the HTTP client follows redirects. # Vulnerable Code File: `astrbot/dashboard/routes/plugin.py`, `astrbot/core/star/star_manager.py`, `astrbot/core/star/updator.py`, `astrbot/core/zip_updator.py` Method: `install_plugin`, `PluginManager.install_plugin`, `PluginUpdator.install`, `RepoZipUpdator._download_file` Why: `POST /api/plugin/install` reads `download_url` from JSON, forwards it unchanged into the plugin installation flow, and the downloader performs an outbound GET to that URL with redirect following enabled. This lets any authenticated dashboard user force server-side requests to arbitrary internal or loopback targets. # Reproduction 1. Start a real AstrBot instance with the dashboard enabled and authenticate as any valid dashboard user. 2. Send `POST /api/plugin/install` with a normal repository URL and `download_url=http://127.0.0.1:19041/plugin-install.zip`. 3. Observe the attacker-controlled listener receive `GET /plugin-install.zip` and AstrBot log `Downloading plugin archive for dummy_variant_plugin_install: http://127.0.0.1:19041/plugin-install.zip`. # Impact - Authenticated users can trigger SSRF to loopback, internal services, or cloud metadata endpoints reachable from the AstrBot host. - The attacker-controlled response body is processed as a plugin ZIP archive, increasing the blast radius beyond blind network probing.
Source⚠️ https://gist.github.com/YLChen-007/f78dca91883a8f5087f34db711ee7dbf
User
 Eric-j (UID 98073)
Submission06/04/2026 08:13 (1 month ago)
Moderation07/12/2026 08:20 (1 month later)
StatusDuplicate
VulDB entry377807 [AstrBotDevs AstrBot up to 4.25.2 market_list Endpoint plugin.py get_online_plugins custom_registry server-side request forgery]
Points0

Want to know what is going to be exploited?

We predict KEV entries!