CVE-2025-53943

Summary

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as ban, kick, or shutdown, potentially disrupting server operations. Version 1.0.0 fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Death1ClownVoidBot_open-source>= 0.0.1, < 1.0.0affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References