Injection Attack Vulnerability in Bible Module for ROBLOX Developers
CVE-2025-23202
10 CRITICAL
Key Information:
- Vendor: Devycreates
- Status
- Bible-module
- Vendor
- CVE Published: 17 January 2025
Summary
The Bible Module, utilized to enrich ROBLOX games with Bible functionality, contains a vulnerability within the FetchVerse and FetchPassage functions, which are prone to injection attacks. This issue stems from inadequate input validation, allowing malicious actors to manipulate API request URLs. Such exploitation could lead to unauthorized data access or tampering, significantly compromising the security of affected applications. Users are highly encouraged to upgrade to version 0.0.3 or later to mitigate the risk, as there are currently no known workarounds for this vulnerability.
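The class of bug described in the summary, shown as an added example that is not the Bible Module's own code and not its 0.0.3 fix: a URL built by plain concatenation beside a version that validates and percent-encodes each part. The endpoint, the function names and their signatures are hypothetical, and the sample inputs are constructed.

```lua
-- Added example. API_BASE is a placeholder; function names are hypothetical.
local API_BASE = "https://bible-api.example.invalid/v1/verse"

-- Percent-encode every byte outside the RFC 3986 unreserved set.
local function urlEncode(s)
    return (s:gsub("[^%w%-%._~]", function(c)
        return string.format("%%%02X", string.byte(c))
    end))
end

-- Accept a whole number in 1..max, given as a number or a digits-only string.
local function toIndex(value, max)
    if type(value) == "string" then
        if not value:match("^%d+$") then return nil end
        value = tonumber(value)
    end
    if type(value) ~= "number" or value % 1 ~= 0 or value < 1 or value > max then
        return nil
    end
    return value
end

-- Unvalidated form: caller-supplied text becomes URL structure.
local function buildVerseUrlUnsafe(book, chapter, verse)
    return API_BASE .. "/" .. book .. "/" .. chapter .. "/" .. verse
end

-- Validated form: allowlist the book name, range-check the numbers,
-- then encode the only free-text segment before it enters the path.
local function buildVerseUrl(book, chapter, verse)
    if type(book) ~= "string" or #book > 32 or not book:match("^[%w ]+$") then
        return nil, "invalid book"
    end
    -- Upper bounds: Psalms has 150 chapters; Psalm 119 has 176 verses.
    local c, v = toIndex(chapter, 150), toIndex(verse, 176)
    if not c or not v then
        return nil, "invalid chapter or verse"
    end
    return string.format("%s/%s/%d/%d", API_BASE, urlEncode(book), c, v)
end

-- Constructed inputs: the last argument carries an extra query string.
print(buildVerseUrlUnsafe("John", "3", "16?extra=1"))
print(buildVerseUrl("John", "3", "16?extra=1"))
print(buildVerseUrl("1 John", 4, "8"))
```

Inside a Roblox experience, HttpService:UrlEncode can take the place of the hand-written urlEncode helper.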
Affected Version(s)
Bible-Module < 0.0.3
CVSS V4
Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved