PT-2026-60922 · Astrbot · Astrbot
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
AstrBot versions prior to 4.25.6
Description
An issue exists in the Filesystem Computer-Use Tool within the
normalize rw path() function of the astrbot/core/tools/computer tools/fs.py file. A local attacker can perform a manipulation that results in link following, which occurs when the software follows a symbolic link to access a file or directory outside the intended scope.Recommendations
Update to a version newer than 4.25.5.
As a temporary mitigation, restrict local access to the system to prevent exploitation of the
normalize rw path() function.Exploit
Fix
Link Following
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astrbot