CVE-2025-65957
8.8
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L
Summary
Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Intercore-Productions | Core-Bot | < dffe050d565a580edfcd0242efa45da88ab31260 | affected |
Weaknesses
- CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://github.com/Intercore-Productions/Core-Bot/security/advisories/GHSA-42j6-x28v-38r8
- https://github.com/Intercore-Productions/Core-Bot/commit/dffe050d565a580edfcd0242efa45da88ab31260
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.