Description

Core Bot is an open-source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded from environment variables, but there are places in the code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data, for example by failing to redact it in summary embeds or logs. This issue has been patched in commit dffe050.

PUBLISHED Reserved 2025-11-18 | Published 2025-11-25 | Updated 2025-11-26 | Assigner GitHub_M




HIGH: 8.8 | CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L

Problem types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Product status

affected: < dffe050d565a580edfcd0242efa45da88ab31260

References

github.com/...re-Bot/security/advisories/GHSA-42j6-x28v-38r8

github.com/...ommit/dffe050d565a580edfcd0242efa45da88ab31260

cve.org (CVE-2025-65957)

nvd.nist.gov (CVE-2025-65957)
