CVE-2025-48067

Medium CVSS: 5.4

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows an attacker with the FILE_UPLOAD permission to exfiltrate files from the host that OctoPrint has read access to, by moving them into the upload folder where they then can be downloaded from. This vulnerability is fixed in 1.11.2.

Vendor

Octoprint

Product

Octoprint

CWE

CWE-73

Yayın Tarihi

2025-06-10 16:15:41

Güncelleme

2025-08-12 13:44:39

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-73 Octoprint MEDIUM Octoprint 2025

Referanslar

https://github.com/OctoPrint/OctoPrint/commit/9984b20773f5895a432f965b759999b16c57f7d8 https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-m9jh-jf9h-x3h2

Benzer Kayıtlar

Medium

CVE-2026-23892

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 a…

Medium

CVE-2025-64187

OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vul…

High

CVE-2025-58180

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.…

Medium

CVE-2025-48879

OctoPrint versions up until and including 1.11.1 contain a vulnerability that allows any unauthenticated attacker to sen…

Medium

CVE-2025-32788

OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPri…