This would prevent two types of attacks against the bot and its users, replay attacks and user forgery.
How to do it: Instead of assigning callback data in the current form (with all relevant data contained) to the keyboard callback buttons, there should only be a random UUID. The bot then receives a callback, replaces the UUID with the data from the database and forwards it. It also needs to instantly drop the UUID and the data from the database, because otherwise replay attacks would be possible. Then, those two attacks would be mitigated.
This would prevent two types of attacks against the bot and its users, replay attacks and user forgery.
How to do it: Instead of assigning callback data in the current form (with all relevant data contained) to the keyboard callback buttons, there should only be a random UUID. The bot then receives a callback, replaces the UUID with the data from the database and forwards it. It also needs to instantly drop the UUID and the data from the database, because otherwise replay attacks would be possible. Then, those two attacks would be mitigated.