File Upload Vulnerability in LangBot IM Bot Platform
CVE-2025-59835

8.6HIGH

Key Information:

Vendor

Langbot-app

Status
Langbot
Vendor
CVE Published:
2 October 2025

What is CVE-2025-59835?

The LangBot IM bot platform, used for integrating large language models, has a vulnerability in its API that allows authenticated attackers to upload arbitrary files through the /api/v1/files/documents endpoint. Due to an inadequate restriction on file storage directories, this flaw can lead to the uploading of malicious files to sensitive system locations. Users are advised to update to version 4.3.5 or later to mitigate this risk.

Affected Version(s)

LangBot >= 4.1.0, < 4.3.5

References

https://github.com/langbot-app/LangBot/security/advisorie...
x_refsource_CONFIRM
https://github.com/langbot-app/LangBot/pull/1691
x_refsource_MISC
https://github.com/langbot-app/LangBot/releases/tag/v4.3.5
x_refsource_MISC

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
The Cyber Security Vulnerability Database.