4.3

CVE-2025-32788

EPSS 0.09%
Veröffentlicht 22.04.2025 17:14:39
Zuletzt bearbeitet 27.06.2025 15:40:23
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

OctoPrint provides a web interface for controlling consumer 3D printers. In versions up to and including 1.10.3, OctoPrint has a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The primary risk lies in potential future modifications to the codebase that might incorrectly rely on the vulnerable internal functions for authentication checks, leading to security vulnerabilities. This issue has been patched in version 1.11.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Octoprint ≫ Octoprint Version < 1.11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.248

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	4.3	2.8	1.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-qw93-h6pf-226x

Vendor Advisory

https://github.com/OctoPrint/OctoPrint/commit/41ff431014edfa18ca1a01897b10463934dc7fc2

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-32788

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32788

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32788

EUVD