{"id":"CVE-2025-55449","details":"AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.","aliases":["GHSA-4m32-cjv7-f425","PYSEC-2026-285"],"modified":"2026-07-08T07:22:25.990266238Z","published":"2026-05-08T00:00:00Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55449.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55449.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55449"},{"type":"PACKAGE","url":"https://github.com/AstrBotDevs/AstrBot"},{"type":"PACKAGE","url":"https://github.com/Marven11/CVE-2025-55449-AstrBot-RCE"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/astrbotdevs/astrbot","events":[{"introduced":"16ec462abd71741e133c1c75502a43772c03aac9"},{"last_affected":"16ec462abd71741e133c1c75502a43772c03aac9"}],"database_specific":{"cpe":"cpe:2.3:a:astrbot:astrbot:3.5.15:*:*:*:*:*:*:*","extracted_events":[{"introduced":"3.5.15"},{"last_affected":"3.5.15"}],"source":"CPE_STRING"}}],"versions":["3.5.15","v3.5.15"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55449.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}