CVE 8.8 HIGH

Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages_CVE-2025-65957

November 25, 2025 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L

Description

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.

AI Analysis

Sensitive data leakage due to insufficient redaction in error handling, summaries, and webhooks

Basic Information

ID CVE-2025-65957

Source GitHub_M

Published Nov 25, 2025 at 23:33

Affected Product

Vendor Intercore-Productions

Product Core-Bot

Version < dffe050d565a580edfcd0242efa45da88ab31260

Affected Versions Intercore-Productions Core-Bot < dffe050d565a580edfcd0242efa45da88ab31260

CWE Classification

CWE-200

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Intercore-Productions

Product Core-Bot

Version < dffe050d565a580edfcd0242efa45da88ab31260

References

{
    "lastseen": "",
    "description": "Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.",
    "published": "2025-11-25T23:33:09.921Z",
    "modified": "2025-11-25T23:33:09.921Z",
    "type": "cve",
    "title": "Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages",
    "source": "GitHub_M",
    "references": "https://github.com/Intercore-Productions/Core-Bot/security/advisories/GHSA-42j6-x28v-38r8\nhttps://github.com/Intercore-Productions/Core-Bot/commit/dffe050d565a580edfcd0242efa45da88ab31260",
    "id": "CVE-2025-65957",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "Intercore-Productions Core-Bot < dffe050d565a580edfcd0242efa45da88ab31260",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Core-Bot",
    "version": "< dffe050d565a580edfcd0242efa45da88ab31260",
    "vendor": "Intercore-Productions",
    "ai_description": "Sensitive data leakage due to insufficient redaction in error handling, summaries, and webhooks",
    "ai_severity": "High",
    "ai_vendor": "Intercore-Productions",
    "ai_product": "Core-Bot",
    "ai_version": "< dffe050d565a580edfcd0242efa45da88ab31260",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply