CVE-2025-55449
Awaiting Analysis Awaiting Analysis - Queue
Hardcoded JWT Private Key in AstrBot 3.5.15

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: MITRE

Description
AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2025-55449
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
astrbotdevs astrbot 3.5.15
astrbotdevs astrbot to 3.5.17 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-321 The product uses a hard-coded, unchangeable cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-55449 is a vulnerability in AstrBot versions 3.5.17 and earlier where a hardcoded private key (JWT secret) is used in the source code. This secret key is used to sign JSON Web Tokens (JWTs), which are part of the authentication mechanism.

Because the private key is hardcoded and publicly known, attackers can exploit this by forging JWTs to bypass authentication controls.

This allows attackers to upload arbitrary plugins to the AstrBot system, which can lead to remote code execution (RCE), meaning they can run malicious code on the affected system.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access and control over the AstrBot system.

  • Attackers can upload arbitrary plugins, potentially introducing malicious code.
  • Remote code execution (RCE) can allow attackers to execute commands or code on the server running AstrBot.
  • This can lead to data breaches, system compromise, or further attacks within the network.
Detection Guidance

This vulnerability can be detected by checking if your AstrBot installation is version 3.5.17 or earlier, as these versions contain a hardcoded JWT secret that allows unauthorized plugin uploads.

One practical way to detect exploitation attempts is to monitor for unusual plugin upload activities or unauthorized access attempts using the hardcoded JWT secret.

Additionally, running the proof-of-concept Python script from the exploit repository can help verify if your system is vulnerable.

  • Check AstrBot version installed on your system.
  • Monitor logs for plugin upload attempts using the hardcoded JWT secret.
  • Run the provided Python exploit script from the CVE-2025-55449 proof-of-concept repository to test for vulnerability.
Mitigation Strategies

To mitigate this vulnerability, immediately upgrade AstrBot to a version later than 3.5.17 where the hardcoded JWT secret issue is resolved.

If upgrading is not immediately possible, restrict access to the AstrBot service to trusted users only and monitor for suspicious plugin uploads.

Remove or rotate any hardcoded JWT secrets in your deployment to prevent unauthorized plugin installation and remote code execution.

Compliance Impact

The vulnerability involves a hardcoded private key used to sign JWTs, which allows attackers to upload arbitrary plugins and execute remote code. This insecure authentication mechanism could lead to unauthorized access and potential data breaches.

Such unauthorized access and potential data compromise may negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on data security and access management.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55449. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart