Insecure URL Handling in git_clone Leading to Leaked API Key
CVE-2025-10281

4.7MEDIUM

Key Information:

Vendor

Blsops, Llc

Status
Bbot
Vendor
CVE Published:
9 October 2025

What is CVE-2025-10281?

BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL.

Affected Version(s)

bbot Linux 0.0.0 <= 2.6.1

References

https://blog.blacklanternsecurity.com/p/bbot-security-adv...

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-10281 : Exposure of GitHub API Key through BBOT's Git Clone Module