CVE-2025-65957

Source
https://cve.org/CVERecord?id=CVE-2025-65957
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65957.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65957
Aliases
  • GHSA-42j6-x28v-38r8
Published
2025-11-25T23:33:09.921Z
Modified
2026-03-14T12:45:51.013752Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L
Summary
Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages
Details

Core Bot is an open source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASEAPIKEY, TOKEN) are loaded from environment variables, but some code paths (error handling, summaries, webhooks) may inadvertently leak sensitive data through configuration summaries, e.g., by failing to redact it in summary embeds or logs. This issue has been patched via commit dffe050.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/65xxx/CVE-2025-65957.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/intercore-productions/core-bot

Affected ranges

Type
GIT
Repo
https://github.com/intercore-productions/core-bot
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65957.json"