CVE-2025-23202

Improper Input Validation in Bible Module for ROBLOX

Description

Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Category

10.0
CVSS
Severity: Critical
CVSS 4.0 •
EPSS 0.20%
Affected: devycreates Bible-Module
Published at:
Updated at:

References

Link Tags
https://github.com/devycreates/Bible-Module/security/advisories/GHSA-cm7w-99v2-prrq
https://github.com/devycreates/Bible-Module/commit/5b783855fc3285be2da8639c97ac37af28f8c55a

Frequently Asked Questions

What is the severity of CVE-2025-23202?
CVE-2025-23202 has been scored as a critical severity vulnerability.
How to fix CVE-2025-23202?
To fix CVE-2025-23202, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-23202 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-23202 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-23202?
CVE-2025-23202 affects devycreates Bible-Module.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.