A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload["note"] results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Security readout for executives and security teams
Plain-English summary
CVE-2026-15499 affects AstrBot Scheduled Task handling in versions 4.25.0 through 4.25.2. A user with required access may manipulate a scheduled-task note field and bypass intended authorization. Public exploit material exists, but the provided sources do not show confirmed active exploitation.
Executive priority
Treat as near-term risk for AstrBot environments, not an internet-wide emergency. Prioritize inventory, access restriction, and monitoring because public exploit material exists and no vendor fix is named in the provided sources.
Technical view
The flaw is in FutureTaskTool.call in astrbot/core/tools/cron_tools.py. Manipulation of payload["note"] can cause improper authorization, mapped to CWE-266 and CWE-285. VulDB rates it CVSS 6.5 with network access, low complexity, single authentication, and partial confidentiality, integrity, and availability impact.
Likely exposure
Exposure is limited to organizations running AstrBot 4.25.0, 4.25.1, or 4.25.2, especially where AstrBot is reachable over a network by authenticated users or integrations.
Exploitation context
Remote exploitation is described as possible, and a public exploit is referenced. The CVSS vector indicates authentication is required. This CVE is not listed as KEV in the provided data, and no cited source confirms active exploitation.
Researcher notes
Evidence comes mainly from VulDB and CVE records. Vendor non-response is reported by VulDB. The public exploit reference should be handled carefully; do not reproduce it in operational notes. Patch availability is not established in the provided sources.
Mitigation direction
Inventory AstrBot deployments and identify versions 4.25.0 through 4.25.2.
Check AstrBotDevs or project channels for official fixes or guidance.
Restrict network access to AstrBot to trusted users and systems.
Limit accounts or integrations that can use scheduled task functionality.
Increase monitoring around scheduled task creation, edits, and failures.
Validation and detection
Confirm AstrBot version on each deployment.
Review whether scheduled task functionality is enabled and used.
Check access controls for users or integrations reaching AstrBot.
Review logs for unusual scheduled task changes involving note fields.
Track vendor or VulDB updates for patch and advisory changes.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-266: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
4CVSS vectors
6Timeline events
0ADP providers
6Source links
CVSS vector scores
4 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-266 · source CWE mapping
Incorrect Privilege Assignment
Incorrect Privilege Assignment represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Improper Authorization represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.