CVE-2025-59835

Vulnerability Description

LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.

Related Weaknesses (CWE)

References

• https://github.com/langbot-app/LangBot/pull/1691
• https://github.com/langbot-app/LangBot/releases/tag/v4.3.5
• https://github.com/langbot-app/LangBot/security/advisories/GHSA-7j3j-qj83-9qv4

FAQ

What is CVE-2025-59835?

CVE-2025-59835 is a documented vulnerability. LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file...

How severe is CVE-2025-59835?

CVSS scoring is not yet available for CVE-2025-59835. Check NVD for updates.

Is there a patch for CVE-2025-59835?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.