Injection Attack Vulnerability in Bible Module for ROBLOX Developers
CVE-2025-23202

10CRITICAL

Key Information:

Vendor: Devycreates
Status: Bible-module
Vendor: CVE Published:; 17 January 2025

🔔 Create Devycreates Vulnerability Alert

What is CVE-2025-23202?

The Bible Module, utilized to enrich ROBLOX games with Bible functionality, contains a vulnerability within the FetchVerse and FetchPassage functions, which are prone to injection attacks. This issue stems from inadequate input validation, allowing malicious actors to manipulate API request URLs. Such exploitation could lead to unauthorized data access or tampering, significantly compromising the security of affected applications. Users are highly encouraged to upgrade to version 0.0.3 or later to mitigate the risk, as there are currently no known workarounds for this vulnerability.

Affected Version(s)

Bible-Module < 0.0.3

References

https://github.com/devycreates/Bible-Module/security/advi...

x_refsource_CONFIRM

https://github.com/devycreates/Bible-Module/commit/5b7838...

x_refsource_MISC

CVSS V4

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2025
Vulnerability Reserved
Jan 13, 2025