CVE-2025-65957
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-65957, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-11-26

Last updated on: 2025-11-26

Assigner: GitHub, Inc.

Description

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-11-26
Last Modified
2025-11-26
Generated
2026-07-06
AI Q&A
2025-11-26
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
core_bot core_bot 4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability involves the Core Bot, an open source Discord bot, where sensitive API keys (such as SUPABASE_API_KEY and TOKEN) that are normally loaded via environment variables can be inadvertently exposed. Specifically, in certain parts of the code related to error handling, summaries, and webhooks, configuration summaries may leak sensitive data by failing to properly redact it in summary embeds or logs. This exposure could allow unauthorized parties to access sensitive credentials.

Impact Analysis

The vulnerability can lead to the exposure of sensitive API keys, which could allow attackers to gain unauthorized access to services or data protected by those keys. This could result in data breaches, unauthorized actions within the bot's environment, or compromise of connected systems relying on those credentials.

Mitigation Strategies

Update the Core Bot to include the patch from commit dffe050 which fixes the issue of sensitive data leakage by properly redacting configuration summaries in error handling, summaries, and webhooks. Ensure that environment variables containing API keys (SUPABASE_API_KEY, TOKEN) are not exposed in logs or summary embeds.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65957. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart