Search criteria
1 vulnerability by Death1Clown
CVE-2025-53943 (GCVE-0-2025-53943)
Vulnerability from cvelistv5 – Published: 2025-07-16 16:07 – Updated: 2025-07-18 14:32
VLAI
Title
VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution
Summary
VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/Death1Clown/VoidBot_open-sourc… | x_refsource_CONFIRM |
| https://discordjs.guide/popular-topics/permissions.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Death1Clown | VoidBot_open-source |
Affected:
>= 0.0.1, < 1.0.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-18T14:32:20.275524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T14:32:27.175Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VoidBot_open-source",
"vendor": "Death1Clown",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.0.1, \u003c 1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to execute sensitive commands such as `ban`, `kick`, or `shutdown`, potentially disrupting server operations. Version 1.0.0 fixes the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T16:07:52.120Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Death1Clown/VoidBot_open-source/security/advisories/GHSA-6rr8-9c8q-m5rv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Death1Clown/VoidBot_open-source/security/advisories/GHSA-6rr8-9c8q-m5rv"
},
{
"name": "https://discordjs.guide/popular-topics/permissions.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://discordjs.guide/popular-topics/permissions.html"
}
],
"source": {
"advisory": "GHSA-6rr8-9c8q-m5rv",
"discovery": "UNKNOWN"
},
"title": "VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53943",
"datePublished": "2025-07-16T16:07:52.120Z",
"dateReserved": "2025-07-14T17:23:35.262Z",
"dateUpdated": "2025-07-18T14:32:27.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}