Improper Access Control

commandkit is vulnerable to an improper access control.The vulnerability is due to a logic flaw in how ctx.commandName is populated for message-based command aliases, which allows an attacker to exploit incorrect permission checks or access-control logic when developers mistakenly treat the alias...

CVE-2025-62378 CommandKit exposes incorrect command name in context object for message command aliases

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

CVE-2025-62378 CommandKit exposes incorrect command name in context object for message command aliases

CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling...

CommandKit has incorrect command name exposure in context object for message command aliases

Impact A logic flaw exists in the message command handler of CommandKit that affects how the commandName property is exposed to both middleware functions and command execution contexts when handling command aliases. When a message command is invoked using an alias, the ctx.commandName value...