VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue.

Basic Information

ID CVE-2025-53943

Source GitHub_M

Published Jul 16, 2025 at 16:07

Modified Jul 18, 2025 at 14:32

Affected Product

Vendor Death1Clown

Product VoidBot_open-source

Version >= 0.0.1, < 1.0.0

Affected Versions Death1Clown VoidBot_open-source >= 0.0.1, < 1.0.0

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue.",
    "published": "2025-07-16T16:07:52.120Z",
    "modified": "2025-07-18T14:32:27.175Z",
    "type": "cve",
    "title": "VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution",
    "source": "GitHub_M",
    "references": "https://github.com/Death1Clown/VoidBot_open-source/security/advisories/GHSA-6rr8-9c8q-m5rv\nhttps://discordjs.guide/popular-topics/permissions.html",
    "id": "CVE-2025-53943",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Death1Clown VoidBot_open-source >= 0.0.1, < 1.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VoidBot_open-source",
    "version": ">= 0.0.1, < 1.0.0",
    "vendor": "Death1Clown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution_CVE-2025-53943