Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-65957

High

8.8/10

Summary

Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.

Attack Complexity: HIGH
Attack Vector: NETWORK
User Interaction: PASSIVE
Privileges Required: LOW

CWE-200 - Information Exposure

An information exposure vulnerability is categorized as an information flow (IF) weakness, which can potentially allow unauthorized access to otherwise classified information in the application, such as confidential personal information (demographics, financials, health records, etc.), business secrets, and the application's internal environment.

References

Advisory Timeline

Published Nov 26, 2025

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2025-65957

Summary

CWE-200 - Information Exposure

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS