CVE-2025-26604
CVSS 3.1 Score 8.3 of 10 (high)
Details
Summary
CVE-2025-26604 is a vulnerability affecting Discord-Bot-Framework-Kernel, a Discord bot framework built with interactions.py. Due to insufficient input validation, the framework allows execution of arbitrary user-submitted code. An attacker can exploit this vulnerability by loading a malicious module to extract the bot token, which grants them control over the bot. Additionally, they can load a blocking module to carry out a DDoS attack, impersonate the bot, and potentially gain full system access if the bot has elevated privileges. The issue is present in commits before f0d9e70841a0e3170b88c4f8d562018ccd8e8b14. Users are strongly advised to upgrade their frameworks as soon as possible. Those unable to do so may attempt to restrict their bot's access via configuration options as a temporary measure.