CVE-2025-32788

Medium CVSS: 4.3

OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.

Vendor

Octoprint

Product

Octoprint

CWE

CWE-290

Yayın Tarihi

2025-04-22 18:15:59

Güncelleme

2025-06-27 15:40:23

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-290 Octoprint MEDIUM Octoprint 2025

Referanslar

https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2 https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x

Benzer Kayıtlar

Medium

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 a…

Medium

CVE-2025-64187

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vul…

High

CVE-2025-58180

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.…

Medium

CVE-2025-48067

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.…

Medium

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to sen…