Inappropriate Image Bypass via Model Thumbnails & Decals

Summary:

Unmoderated images can appear on Roblox via model thumbnails and certain decal/image upload paths.
The thumbnail renders content that never passed the normal image/decal moderation, yet it’s shown publicly (e.g., in-experience via tools that display images with ID input).

Scope observed:

  • Model thumbnails (AssetTypeId 10) displaying unmoderated imagery.
  • Recently created or offsale/private image assets being used in ways that skip review.
  • Higher incidence with unverified/new creators and URL-like names/descriptions.

Why it matters:

Players (including minors) can be exposed to inappropriate content via thumbnails and in-experience surfaces. This is a safety and trust issue.

Steps that show the problem:

  1. Create a model that visually includes an image on a part.
  2. Ensure the model’s thumbnail captures that image.
  3. Publish the model.
  4. The resulting model/thumbnail may show imagery that did not pass image/decal moderation, but is still visible on the website and in Studio/in-experience.
  5. Even if moderated, the thumbnail is still available for a certain period of time. This shouldn’t be possible.

Repro rate: High (consistent over multiple tests)
Last seen: Ongoing; confirmed as of Aug 24, 2025.
Platforms: Studio (Windows), Website (catalog/library), in-experience on PC and mobile.

Related issues:

  • Offsale/private assets are hard to report via the standard catalog page (no public item page).
  • Report abuse system doesn’t clearly support private assets used in thumbnails.

Related bug reports:

  • Thumbnails of moderated assets (including decals) can still be used
  • Moderated images still shown in the game

Impact:

  • Exposure risk for minors.
  • Erodes moderation expectations (content appears “approved” due to being visible in Marketplace/thumbnail surfaces).
  • Developers must implement heavy server-side blocks as a workaround.

Workarounds used by developers (not platform fixes):

  • Block model-sourced or moderated images for low-playtime users.
  • Flag suspicious metadata (URL-like names, unverified creators, very new assets).
  • Maintain internal blacklists and logs; manual reporting.

Expected behavior:

  • Any user-visible image (including thumbnails) should pass the same moderation pipeline as decals/images.
  • Thumbnails should not render from unmoderated/local sources.
  • Marketplace and inventory should only display thumbnails built from moderated asset IDs.
  • A staff-confirmed reporting path for offsale/private assets and thumbnails.

Possible directions (for Roblox):

  • Block or sanitize local/unmoderated image sources in thumbnail generation.
  • Require thumbnails to be derived from moderated image assets (or requeue thumbnails for scanning).
  • Improve report-abuse tooling for private/offsale assets and model thumbnails.

A private message is associated with this bug report

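A sketch of the developer-side workarounds listed in the report (asset-type check, metadata flags, stricter handling for low-playtime users), added here as an example and not taken from the original post or from any Roblox or developer code. The function names, thresholds, URL patterns and the `playtimeMinutes` value (assumed to come from the experience's own tracking) are all assumptions. It blocks a low-playtime user's image ID when any flag is raised, and fails closed when the metadata lookup errors.

```lua
-- Added example: server-side screening of a player-supplied image ID.
local MarketplaceService = game:GetService("MarketplaceService")

-- Assumed policy values; tune per experience.
local MIN_ASSET_AGE_SECONDS = 7 * 24 * 60 * 60
local MIN_PLAYTIME_MINUTES = 60
local ALLOWED_TYPES = { [1] = true, [13] = true } -- Image, Decal (Model is 10)
-- Constructed heuristics; "logo.png"-style names will also match and get flagged.
local URL_PATTERNS = { "https?://", "www%.", "[%w%-]+%.%a%a+" }

-- Pure check over a GetProductInfo result; returns (block, reasons).
local function screenAsset(info, nowUnix, playtimeMinutes)
	local reasons = {}
	if not ALLOWED_TYPES[info.AssetTypeId] then
		table.insert(reasons, "asset type " .. tostring(info.AssetTypeId) .. " is not Image/Decal")
	end
	local text = string.lower((info.Name or "") .. " " .. (info.Description or ""))
	for _, pattern in ipairs(URL_PATTERNS) do
		if string.find(text, pattern) then
			table.insert(reasons, "URL-like name or description")
			break
		end
	end
	if not (info.Creator and info.Creator.HasVerifiedBadge) then
		table.insert(reasons, "creator is not verified")
	end
	local created = info.Created and DateTime.fromIsoDate(info.Created)
	if not created or nowUnix - created.UnixTimestamp < MIN_ASSET_AGE_SECONDS then
		table.insert(reasons, "asset is very new or has no creation date")
	end
	-- Flagged assets are blocked only for low-playtime users; others are logged.
	return #reasons > 0 and playtimeMinutes < MIN_PLAYTIME_MINUTES, reasons
end

local function checkImageId(assetId, playtimeMinutes)
	local ok, block, reasons = pcall(function()
		local info = MarketplaceService:GetProductInfo(assetId, Enum.InfoType.Asset)
		return screenAsset(info, DateTime.now().UnixTimestamp, playtimeMinutes)
	end)
	if not ok then
		return true, { "metadata lookup failed" } -- fail closed
	end
	if #reasons > 0 then
		warn(("[image-screen] asset %d blocked=%s: %s"):format(
			assetId, tostring(block), table.concat(reasons, "; ")))
	end
	return block, reasons
end
```

The `warn` output gives the internal log the report mentions; entries for allowed-but-flagged assets are the ones to review and report manually.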