CVE-2025-65957 HIGH

CVE-2025-65957: Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages

Vendor Intercore-Productions
Product Core-Bot
Weakness CWE-200 · Info exposure
Published November 25, 2025
Last update November 26, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L

What the vulnerability does

01 Description

Core Bot is an open source Discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded from environment variables, but there are code paths (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data, for example by failing to redact it in summary embeds or logs. This issue has been patched via commit dffe050.
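One way to apply the redaction the description says was missing, shown as an added example; it is not Core Bot's code and not the patch in commit dffe050. Python is an assumption (the page does not state the bot's language), and `summarize_config`, `SecretScrubber`, the logger name and all sample values are hypothetical and constructed.

```python
import io
import logging
import re

MASK = "[REDACTED]"
# Assumption: variable names containing these markers hold secrets
# (covers SUPABASE_API_KEY and TOKEN from the advisory).
MARKERS = ("KEY", "TOKEN", "SECRET", "PASSWORD")

def is_sensitive(name):
    return any(marker in name.upper() for marker in MARKERS)

def summarize_config(config):
    """Build a config summary that is safe to put in an embed or a log line."""
    return {k: (MASK if is_sensitive(k) and v else v) for k, v in config.items()}

class SecretScrubber(logging.Filter):
    """Mask known secret values in log messages and in formatted tracebacks."""
    def __init__(self, secrets):
        super().__init__()
        # Longest first, so a secret that contains another is masked whole.
        values = sorted((s for s in secrets if s), key=len, reverse=True)
        self._pattern = re.compile("|".join(map(re.escape, values))) if values else None

    def scrub(self, text):
        return self._pattern.sub(MASK, text) if self._pattern else text

    def filter(self, record):
        record.msg, record.args = self.scrub(record.getMessage()), None
        if record.exc_info:
            # Pre-render the traceback so the exception text is scrubbed too.
            rendered = logging.Formatter().formatException(record.exc_info)
            record.exc_text, record.exc_info = self.scrub(rendered), None
        return True

def demo():
    # Constructed values standing in for os.environ entries.
    config = {"SUPABASE_API_KEY": "sb-constructed-123",
              "TOKEN": "tok-constructed-456", "LOG_LEVEL": "INFO"}
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attach to the handler: logger-level filters miss records from child loggers.
    handler.addFilter(SecretScrubber(v for k, v in config.items() if is_sensitive(k)))
    log = logging.getLogger("corebot.example")
    log.addHandler(handler)
    log.propagate = False
    try:
        raise RuntimeError(f"supabase auth failed for key {config['SUPABASE_API_KEY']}")
    except RuntimeError:
        log.exception("startup failed with token %s", config["TOKEN"])
    return summarize_config(config), stream.getvalue()
```

Value-based scrubbing only catches secrets the filter was given, so any text bound for a webhook or embed should pass through the same `scrub` call before it is sent.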

Key dates

02 Disclosure timeline

November 25, 2025 CVE published
November 26, 2025 Record updated