Unknown · ArchiSteamFarm · CVE-2022-23627
**Name of the Vulnerable Software and Affected Versions**
ArchiSteamFarm versions V5.2.2.2 through V5.2.2.4
**Description**
The issue is caused by a bug in the ArchiSteamFarm (ASF) code, which fails to adequately verify the effective access of the user sending proxy commands. Specifically, a proxy-like command sent to one bot and targeting another bot has its user's access verified against the wrong bot. This allows access to resources beyond those configured, posing a security threat to the confidentiality of other bot instances. A successful attack requires significant access granted by the original owner of the ASF process, as the attacker must control at least one bot to exploit this loophole.
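The flaw class described above, as an added example that is not ArchiSteamFarm code: a simplified Python model of a command handler that checks the sender's access on the receiving bot, beside one that checks it on the target bot, plus a check that enumerates cross-bot leaks. All class and function names, access levels, and sample data are constructed for illustration.

```python
# Simplified model of the flaw class described above; not ArchiSteamFarm code.
# All names (Bot, Access, handle_*) and the sample data are constructed.
from dataclasses import dataclass, field
from enum import IntEnum
from itertools import product

class Access(IntEnum):
    NONE = 0
    OPERATOR = 1
    MASTER = 2

@dataclass
class Bot:
    name: str
    data: str                                        # stands in for per-bot resources
    permissions: dict = field(default_factory=dict)  # user id -> Access

    def access_of(self, user):
        return self.permissions.get(user, Access.NONE)

def handle_flawed(bots, receiver, target, user, needed=Access.MASTER):
    # Flawed: access is checked on the bot that received the command.
    if bots[receiver].access_of(user) < needed:
        return None
    return bots[target].data

def handle_fixed(bots, receiver, target, user, needed=Access.MASTER):
    # Fixed: access is checked on the bot the command actually acts on.
    if bots[target].access_of(user) < needed:
        return None
    return bots[target].data

def cross_bot_leaks(handler, bots, users, needed=Access.MASTER):
    """Return every (user, receiver, target) where the handler releases a
    target's data to a user who lacks the needed access on that target."""
    return [(u, r, t) for u, r, t in product(users, bots, bots)
            if handler(bots, r, t, u, needed) is not None
            and bots[t].access_of(u) < needed]

# Constructed sample: "guest" is Master on bot "a" only; "owner" on both.
BOTS = {
    "a": Bot("a", "a-data", {"owner": Access.MASTER, "guest": Access.MASTER}),
    "b": Bot("b", "b-data", {"owner": Access.MASTER}),
}

if __name__ == "__main__":
    for handler in (handle_flawed, handle_fixed):
        print(handler.__name__, cross_bot_leaks(handler, BOTS, ["owner", "guest"]))
```

The same invariant (data is released only to users with the required access on the target) can serve as a regression test for any handler that forwards commands between separately permissioned instances.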
**Recommendations**
For ArchiSteamFarm versions V5.2.2.2 through V5.2.2.4, update to version V5.2.2.5, V5.2.3.2, or a future version as soon as possible to patch the issue.
As a temporary workaround, consider restricting access to the `[Bots]` commands to minimize the risk of exploitation.