CVE-2025-65957
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-26

Last updated on: 2025-11-26

Assigner: GitHub, Inc.

Description
Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-26
Last Modified
2025-11-26
Generated
2026-06-16
AI Q&A
2025-11-26
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65957
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
core_bot core_bot 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves the Core Bot, an open source Discord bot, where sensitive API keys (such as SUPABASE_API_KEY and TOKEN) that are normally loaded via environment variables can be inadvertently exposed. Specifically, in certain parts of the code related to error handling, summaries, and webhooks, configuration summaries may leak sensitive data by failing to properly redact it in summary embeds or logs. This exposure could allow unauthorized parties to access sensitive credentials.

Impact Analysis

The vulnerability can lead to the exposure of sensitive API keys, which could allow attackers to gain unauthorized access to services or data protected by those keys. This could result in data breaches, unauthorized actions within the bot's environment, or compromise of connected systems relying on those credentials.

Mitigation Strategies

Update the Core Bot to include the patch from commit dffe050 which fixes the issue of sensitive data leakage by properly redacting configuration summaries in error handling, summaries, and webhooks. Ensure that environment variables containing API keys (SUPABASE_API_KEY, TOKEN) are not exposed in logs or summary embeds.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65957. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart